

Students Find Ways To Hack School-Issued iPads Within A Week - danso
http://www.npr.org/blogs/alltechconsidered/2013/09/27/226654921/students-find-ways-to-hack-school-issued-ipads-within-a-week

======
betterunix
Reminds me of the various ways we found to defeat school firewalls when I was
in high school. At the time we simply took it for granted that those in power
(i.e. the school itself) were going to try to censor us, and it was our
"little secret" that we could defeat that censorship.

As an adult I look back at those days and make comparisons with the situation
in China...

~~~
Cub3
I was going to say this too, I remember initially using web based proxies like
proxify and hidemyass until they were all blocked then we figured out the
blocking system didn't work on a wildcard so www.facebook.com would be blocked
for example but bypass.facebook.com would not.

So a few of my tech savvy friends and I setup a web based proxy on a free host
which just wildcarded the sub-domains, I can't remember exactly how we did it
but we had that going for a long time.

Pretty sure we used a script like
[http://www.phpmyproxy.com/](http://www.phpmyproxy.com/)

------
RKearney
I'm guessing this merely involved removing the mobile device manager
certificate from the iPad through the Settings. Once the certificate is
removed, any "lock downs" and settings the school pushed out are removed with
it.

~~~
paulhodge
I think you might be right. I listened to the NPR piece - there's a part where
the interviewer asks a kid to show him the hack. As the kid is doing it he
says, "you just go to Settings, then General, then ... oh it looks like
someone already did it". In other words the whole "hack" was done just by
messing around in Settings.

------
patmurraydev
At our school in Australia, everyone was issued laptops last year. The rollout
began with seniors (y12) and progressed down through the years. Within about 2
hours of having the machines most of my year had installed chrome, bypassed
the web filtering, installed iTunes and copied their music to the laptops. The
school knew immediately, and came around to the classrooms to inform everyone
that we had now been restricted to 10GB of space on the laptops, and that they
had removed iTunes and chrome.

For the remainder of the year everyone found ways to play games and to log
onto various school servers and mess with things. It was more a point of we
could. A lot of people still used pen and paper, or their own laptops. The
most common use of the school issued laptops was free Internet, and thus
youtube/ pandora.

From my understanding the younger years don't act such ways as we did being in
year 12, and I think it's just a time thing. For them the school laptop is
part of their schooling equipment, but for us we went through 10yrs of
schooling without a laptop, so getting one was novel.

------
austenallred
Sounds like they all learned a bunch. Mission accomplished.

------
frenger
> The students are getting around software that lets school district officials
> know where the iPads are, and what the students are doing with them at all
> times. This software also lets the district block certain sites, such as
> social media favorites like Facebook.

ThT paragraph could be taken straight from Cory Doctorow'a Little Brother

~~~
csense
I was going to quote the exact same sentence.

"Knowing where the iPads are at all times" is an invasion of student privacy.
If a student (or their parents) claims the student's sick, but the GPS shows
their iPad spent the day riding roller coasters, can they be busted?

------
jccc
"The students are getting around software that lets school district officials
know where the iPads are, _and what the students are doing with them at all
times_."

(Emphasis added.)

This is not in the lead, not in any way suggested by the headline, and not
mentioned again anywhere in the article. So I guess this feature of the
district's monitoring isn't really worth thinking much about and it's okay to
condition young people to get used to it?

~~~
monkeyspaw
I dunno, I could see that really resonating with parents who want complete
knowledge of their child's location at all times. And what they were doing.

That type of technology satisfies every parent: those who want to be
helicoptering, can see where their child is at this very moment. The parents
who don't care, can do nothing.

I applaud your general cynical outlook. However, I tend to think schools can
only control 1 thing: parents being upset. Politicians / standardized scores /
etc., all are generally outside of the individual school (staff, admin,
teachers) control.

So schools optimize to minimize parental complaints and staff time, because
it's one of the few knobs they can turn.

~~~
jccc
Parents != school staff. I don't think anyone asked parents, "Let our IT staff
monitor your child's location and activities at all times, on campus and off."

Even if it were parents alone instigating this, I'm not okay with conditioning
teenagers to get used to this kind of surveillance.
[http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_...](http://en.wikipedia.org/wiki/Robbins_v._Lower_Merion_School_District)

[http://webcache.googleusercontent.com/search?q=cache:_Hv-
Rrq...](http://webcache.googleusercontent.com/search?q=cache:_Hv-
Rrqr8PsJ:thelede.blogs.nytimes.com/2010/02/19/school-accused-of-using-webcam-
to-photograph-student-at-home/+&cd=1&hl=en&ct=clnk&gl=us)

------
anmol
Maybe now we can all just give them tablets with root access, intentionally
designed to be "hacked".

Even better, give them Raspberry Pis' and let them code what they need to get
to Facebook and every other site. 5-10x cheaper than an iPad, substantially
more instructive.

~~~
andrewflnr
You want them to code a Facebook-capable web browser? I mean, I'm in favor of
handing out hackable hardware, but at least let them install a pre-built
browser. :)

------
vezzy-fnord
Of course the students are going to find ways to reclaim their device. The
point of flooding in iPads isn't to actually improve the standard of
education, but to give out an illusion of progress and keeping up with
contemporary times.

Besides, the fact that it's iPads in the first place shows you something.

~~~
VLM
A good observation, although you missed the somewhat creepier "anything thats
not compulsory is (and should always be, for everyone) forbidden" meme. Why,
all tablets should have whitelist censorship, its for the children after all.
And if a parent owns a tablet without censorware well thats not going to
punished, yet... But we can't have people thinking freedom is possible or a
good thing, so something has to be done...

I have relatives in the .k12 .edu biz including one who teaches a class with
like 5 ipads for 20 kids... now its not like there's a line in the budget for
apps, and if there were one, what existing program should they cut? And its
not like the school day has increased in length, so what subject gets cut so
the kids can play Angry Birds? Reading? Math? And if every kid has one, it
could kinda work, but what can you do with only 5 per class room? Example
#6749235 of non-educators very expensively trying to tell educators how to
educate, and failing as they always do. They do make nice shiny paperweights,
till the glass breaks anyway.

~~~
Osmium
> And if every kid has one, it could kinda work, but what can you do with only
> 5 per class room?

I don't know. When I was in school at about age 10 we had a handful of palmtop
computers[1] between a class of 20-30. I didn't get to spend much time with
them, but found it exciting and enlightening when I did, especially given that
we didn't have something like that at home. Time with the devices was used as
an incentive for good work in class, so it helped with that respect too
(wasn't allowed to use them until assigned work had been completed and was
correct).

It also taught a more subtle lesson, which was about responsibility. The
devices were clearly expensive for the school, but if you showed you could be
trusted, you could get away with using them without active supervision.

All in all I'd say it was a success. It certainly got me interested in
computing, even within the fairly restrictive sandbox that they were. I can't
see why the modern equivalent (iPads) should be any less of a success,
especially in areas where children are less likely to be able to afford and
use one at home.

[1] e.g. something like this
[http://www.palmtoppaper.com/images/HP200LX_1.gif](http://www.palmtoppaper.com/images/HP200LX_1.gif)

~~~
betterunix
The problem is not with the iPad specifically. The problem is that the
students are in an educational environment where censorship is _the norm_. I
understand that schools have to have firewalls or they risk losing their
funding, but the immediate question is what those schools do with students who
learn how to defeat those firewalls? Do those kids get punished for their
unauthorized knowledge (so far the punishment is just, "no more iPads at
home," but it could have been a lot worse)?

~~~
bronxbomber92
When I was in high school (~4-5 years ago), I was often "caught" for using a
proxy to get around the firewall. Other kids were often caught, too. In both
cases, the proxy would become blacklisted. However, in all other regards the
school would turn a blind eye and never reprimand me because they knew I was
visiting sites like gamedev.net (a game development/programming website that
was blacklisted because it had "games" in the description). However, most
other kids were punished because often times they were visiting porn sites and
infecting the computers with viruses/malware/etc.. Unfortunately, the majority
of kids (in my school, at least) fall into this camp who aren't bypassing
firewalls for productive reasons, but rather for reasons that usually at least
cost the school hundreds of dollars in fixing the computers.

The take-away I'm trying to convey is that, in my experience, (a) schools dole
appropriate punishments -- it's not a black and white "you disobeyed rule X,
which means punishment Y follows" \-- and (b) the (limited) censorship is also
a cost saving measure and usually warranted.

~~~
betterunix
My experience is a bit different. First, my high school was profoundly
hypocritical, allowing teachers unfettered access while forcing students to
deal with a firewall -- I know this because one of the ways we discovered to
defeat the firewall was to give your computer an IP address in the range
assigned to the teachers' computers. Second, the punishments are neither
appropriate nor acceptable in many cases, with suspensions, ludicrous bans on
even touching school computers, and other draconian measures being doled out
for things such as _modifying boot scripts to display a message_ (my own pride
and joy from middle school).

Finally, the censorship is not limited, at least not by any definition I would
use. You yourself said that your school's firewall blocked a website that had
the word "games" in it. I have seen hackaday.com blocked for having words like
"hack" in it. When I was a kid these firewalls would also block websites that
had the word "vagina," "penis," "breasts," "semen," "nipples," and so forth
appear enough times -- like, say, a medical website. This article mentions a
ban on _streaming music_ and social media. The blacklist is so long I have to
wonder why they do not just switch to a whitelist, or why they even bother
with Internet access at all.

Even if the censorship were limited, I cannot see how it would be justified.
Suppose only hardcore pornography were blocked -- how is that acceptable?
Would it not be better to punish students caught watching pornography at
school by having them write a lengthy essay about the history and politics of
pornography (and wouldn't the ability access at least one pornography website
be necessary?)? If the goal is _education_ shouldn't the focus be on
_educating_ , rather than on trying to shield students from the world?
Consider the flip side of this: as a kid I was once sent to a summer program
for programming, and one of the other students was caught installing back
orifice on the computers. His punishment was to explain the software to
everyone, along with the ethics of installing it without permission.

------
ma_mazmaz
This is certainly not an issue with iPads, specifically. Students probably
spend more time using computers for entertainment and social networking than
they do for school, but that doesn't stop teachers from taking their students
to computer labs to type essays. Just because something can be used for fun,
doesn't mean that it has a place in schooling. Moreover, students very
commonly get around the very weak security procedures in place, which, more
often than not, prevent students from doing legitimate school work, rather
than preventing abuse.

------
Trezoid
Honestly, I'm a little surprised they weren't all completely open by lunchtime
the first day. Kids, when given access to technology in a school environment
will _always_ find new ways to (primarily) play games, and those ways will
evolve as the schools desperately struggle to keep up, but the school will
always lose that particular arms race.

------
bloaf
The schools are indirectly proving the old computer security saying which
holds that there is no security without physical security. As soon as the
school hands the iPads to the students, there is nothing the school can do to
ensure they remain in control of the device.

------
SG-
So what's the actual "hack"? A proxy?

~~~
drakaal
More like Un-proxying. The devices have a proxy installed that limits where
you can go and they just remove the proxy.

This is the equivalent of going in to your phone and changing the APN.

I don't know which software they are using, but most either intercept the DNS
or use a constant Transparent Proxy.

~~~
zachlatta
I go to one of the schools that implements this program. Most of these schools
have software from Bradford Networks
([http://www.bradfordnetworks.com/](http://www.bradfordnetworks.com/)) that
acts as a transparent proxy. In addition to blocking many websites, it blocks
all ports besides 80 and 443. To get around it, I connect to an OpenVPN server
on port 80 through TCP. Why do I circumvent it? I need access to port 22 to
push to GitHub and connect to my VPS. I also need access to port 21 to access
various educational FTP servers.

Removing restrictions on a school-issued iPad is significantly easier.
Removing current profile on the iPad also removes all of the imposed
restrictions.

------
ivanhoe
Is that tracking that important? Did officials learn anything useful from it
(other than a fact that people hate being tracked by officials)?

------
f00_
"Hacking" their iPad, as in running a widely available pre-complied exploit...

~~~
wavefunction
hacking- routing around obstacles

cracking- breaking obstacles

sounds legit imnsho

------
kunai
The solution: just use fucking _books_.

Yes, they're heavy and a pain to drag around, but do you seriously have a
better idea? They're infinitely versatile and aren't scared of getting tossed
around.

iPads as an educational tool has to be the most ridiculous attempt yet at
"digitalizing" education.

There's a little-known Steve Jobs video
([http://www.youtube.com/watch?v=Q82weiAJmaA](http://www.youtube.com/watch?v=Q82weiAJmaA))
where he says that computers and technology are absolutely no substitute for
an environment that promotes curiosity and a thirst to learn.

Also, books don't cause eyestrain, they have insanely fast refresh rates, and
you can flip to any one section quickly and easily without tearing your eyes
out.

~~~
jogzden
What about something like, let's say, a kindle made for school, which stores
the student's textbooks and readings. I'd think that this would be a much
better alternative since it has limited use to begin with.

~~~
kunai
That's feasible, but schools are too interested in looking "modern" and
"sleek" by using Apple devices, so they won't use Kindle because its
interoperability with Apple devices is not as good as something like iBooks.
Part of it is a ploy to impress parents, part of it is just the "because we
can" attitude of the administration.

------
erbo
We all know there are three ways to ensure something gets done: (1) Do it
yourself. (2) Hire someone else to do it. (3) Forbid your kids to do it.

But I'm surprised that this surprised the LAUSD. They chose to pit their
intelligence against the collective cleverness of a high school's worth of
teenagers that wanted their Facebook, Twitter, Pandora, Angry Birds, and
Minecraft.

LAUSD: Did you know that if you put a little hat on a snowball it can last a
long time in hell? (Yes, I stole that line from a _Dilbert_ cartoon. That's
what this whole episode resembles.)

------
madaxe
These master hackers should all be put in solitary for 30 years, for
deliberately circumventing a digital protection system and thus breaking the
CFAA.

Perhaps then people may begin to understand why these laws are ridiculous.

~~~
mgkimsal
No. Tech-savvy people already understand why they're ridiculous. The non-
techies are still generally scared of or intimidated by tech stuff, and would
simply view that as acceptable punishment for 'hackers' ('hacker' being
defined as someone who uses a computer for more than facebook and angrybirds).

~~~
madaxe
Non-tech-savvy folks I would hope would understand the wrongness of a bunch of
children being thrown in solitary for wanting to play Angry Birds.

If the American people can't and won't see the wrongness in that, then America
truly is utterly doomed, and its populace deserves the darkness that will
ensue.

~~~
mgkimsal
I don't specifically see 'tech ignorance' in the US - the few places I've
travelled (spain, uk, australia, russia) - tech ignorance is the norm. Get
beyond turning on the table/phone/desktop, sending emails, using facebook, etc
- the average person is effectively lost.

