Understanding the Mobile Guardian breach

What's up with Mobile Guardian and why are some students so badly affected? Is their data gone?

Mobile Guardian woes have been making the news since Sunday. As the dust settles, the full impact is only now being understood.

What is Mobile Guardian

But first, what is Mobile Guardian? It's a feature-rich management suite designed for mobile device management (MDM) for schools.

In addition, it offers features that educational institutions want. With it, schools can:

• Push new apps to devices.
• Filter Web and YouTube content.
• Blank out screens or distribute content.
• Track device activity and enforce usage hours.
• Integrates with Apple School Manager (iPad, macOS).

According to a 2020 press release, Mobile Guardian, a UK firm, offers its solution to MOE through Singapore-based GSA Education.

Depending on individual schools, Mobile Guardian is used to manage iPads or Chromebooks.

Mobile Guardian hacked

Mobile Guardian says it detected "unauthorised access" to its platform on 4th August at 2pm.

• Global users affected: US, Europe, Singapore.
• Some users had their devices wiped remotely.
• All Mobile Guardian services currently halted.

Mobile Guardian says it is investigating the breach.

Note: A configuration error caused problems with iPad users in Singapore on 30th July - lots of complaints about this on Reddit. Mobile Guardian says it is unrelated to the hack.

Tell me again in English

Ok here goes.

🔸In MDM, a mgmt server sends device policies to "enrolled" devices such as iPads or Chromebooks. Software installed on these devices then interprets the policies and enforces them.

🔸Say: No YouTube during class, no WhatsApp at all times, and no Internet access after 10pm. It's up to schools to define their desired policies.

🔸Hackers gained access to Mobile Guardian's servers on Sunday and used their control to remotely format "a small percentage" of devices.

🔸Panic sets in at Mobile Guardian. To protect unaffected users, the UK firm pulled the plug on its mgmt servers. Devices are cut off, and the installed software defaults to locked-down mode.

🔸Chaos ensures as students find themselves unable to access their devices for projects or to revise for exams this week.

What now?

To fix things quickly, MOE is now ripping out (the now unresponsive) client software on Mobile Guardian. But because the software is designed to resist removal, this requires a factory reset.

Is student data all gone? That depends:

• Notes backed up on Google Drive can be recovered.
• Notes stored on devices only are likely gone.
• Ditto if backups are done months ago.

Unfortunately, there is nothing parents can do unless there's a backup.

Do you have good data backups yourself?