LANrev Software Found Hacker-Friendly

A security firm 'Leviathan Security Group' has claimed that a litigious remote spying application installed by a Pennsylvania school district on the school-issued laptops of students has a security bug that poses the risk of students being spied by outsiders.

The program in question, called LANrev, contains a flaw that would facilitate anyone sharing the same network to implant malware on the laptop of any student and thus, giving remote control of the PC to the intruder. As a result, the outsider would be able to steal information from the PC or control the webcam of that system to see secret pictures.

It is noteworthy that the alleged spying was first discovered in November 2009, when an official at Harriton High School accused a student Blake of showing indecent behavior at his home and showed a picture taken by his PC. Later, it was confirmed by an assistant principal of the school that the district holds the right to remotely install webcam on the school-issued laptops of the students.

It was in February this year that LANrev program entered a controversy when the student (Blake) and his parents filed a legal grievance against the school district for remotely activating cameras in laptops provided by the school in order to keep an eye on students in their homes.

Following the spying allegations, the district called off the webcam-tracking program in February 2010. As the district said, it was currently addressing security flaws in the LANrev program.

Douglas Young, spokesman for the school district, said that they are taking immediate and effective measures to make sure that issues pertaining to security and technology are sorted out efficiently, as per the news published by WIRED on May 20, 2010.

Meanwhile, the flaw in the LANrev software lies within symmetric-key encryption used by it to authenticate between the server and the client and it has no relation with the optional Theft Track feature. Thus, even PCs not using the theft feature are potentially susceptible.

The LANrev software served just as an entry point for malware installation. The LANrev administrator can remotely implant and run other programs on the end-user's system and once he's on the machine, he can easily install malicious programs on that machine, explained security researchers.

» SPAMfighter News - 5/31/2010