Tuesday, March 10, 2015

GOJ can’t stop TIS Project Tablet Hacking – How to Access Blocked Websites using Browsers, VPN Apps and Custom Cloud Drives

The TIS (Tablet in Schools) Project has finally hit some serious hiccups.

This as the Minister of Science, Technology, Energy and Mining Phillip Paulwell recently admitted in Parliament that the Contractors hire by the ministry to procure Tablets for the TIS Project cannot prevent students from visiting inappropriate websites as stated in the article “Gov't Unable To Block Inappropriate Content On Tablets”, published Wednesday March 4, 2015, The Jamaica Gleaner.

Minister of Science, Technology, Energy and Mining Philip Paulwell made this admission on Tuesday March 3rd 2015 during the Standing Finance Committee of Parliament.

Some JA$114 million is being earmarked for the procurement of e-books and Web content for the Tablets to replace the need for parents to purchase books as noted in my blog article entitled “JA$114 million spent on Content for TIS Project Tablets - JA$76 million on Math, English and Science Content by January 2015 to stop Teachers Padding Book-lists for Commissions”.

This means that the Tablet will no longer be free, possibly costing JA$9000 by the time the New School Term that starts September 2015 as predicted in my blog article entitled “TIS Project a Success with Boys - JA$9000 for Subsidized Tablets as TIS Project replaces 600,000 Students School Books with e-books come September 2015”.

GOJ can’t stop TIS Project Tablet Hacking – Tracking LBS using IMEI Lableing still works, however

Good to note though the tracking Technology that's installed in the Tablets is working, as Minister Paulwell report that five (5) of the nine (9) Tablets reported Stolen thus far have been recovered, which translates to a 55.6% success rate in the recovery of stolen TIS Tablet.

This suggests that the use of LBS (Location Based Services) coupled with IMEI (International Mobile Equipment Identification) Number Labelling of the Tablets to restrict their access after being stolen is the mechanism I'd suspected in my blog article entitled “State Minister Julian Robinson hopes Tablets boost Innovation in ICT - How TIS Project Tablets are secured using GPS and IMEI Labeling”.

In short, the report of Students hacking the Tablets back in October 2014 centered on the removal of the access to inappropriate Websites i.e. Pornography websites and Social Medias Websites such as Facebook as noted in my blog article entitled “Male Student hacks TIS Project Tablet as Distribution Expands - Tablets Problems require Creative Jamaican solutions to deliver Lessons to the Learners We Teach”.

However, based on the fact that the Tablet can be recovered, these hacks do not involve the disabling of the LBS or the CMS (Content Management Software). Kid, after all, are blissfully unaware that their Tablet are being tracked by the four (4) Contractors hired to procure the Tablets and are merely interested in seeing some porn.

These four (4) contractors are:

1.      Innovative Corporate Solutions
2.      Digicel Jamaica
3.      Productive Business Solutions
4.      GeoTech Vision Enterprises Limited

So how did this all begin? And were there early warning signs about the hacking of TIS Project Tablets? Even more interesting, what can be done to prevent this from getting potentially worse?

GOJ can’t stop TIS Project Tablet Hacking – Hacking Problem as conveyed by the Statistics

This admission means possibly thousands of High School Boys (and Girls with high level of curiosity!), may be trying to access these inappropriate websites as I type as the knowledge spreads among the children.

Already the Stats are not looking good for this Test Pilot for the TIS Project if this problem spreads, based on the words of Minister of Technology Phillip Paulwell:

1.      25,000 Tablets under the TIS Project for distribution
2.      17,000 TIS Tablets distributed up until December 2014
3.      18,000 TIS Tablets distributed by the end of December 2014
4.      7000 Tablets distributed in early weeks of the Easter term in 2015

The total 27,000 Tablets, the eventual target that is just another two thousand (2000) tablets added on to the 25,000, is broken down by the four (4) Contractors is as follows:

1.      10,500 Tablets from Innovative Corporate Solutions
2.      5,500 Tablets from Digicel Jamaica
3.      5,500 Tablets from Productive Business Solutions
4.      5,500 Tablets from GeoTech Vision Enterprises Limited

For this problem to be significant enough to warrant more attention, it has to affect about 10% of Tablets or roughly 2,500 Tablets. Since Minister Paulwell isn’t forthcoming with those figures, we can safely assume that it’s becoming noticeable but not statistically significant i.e. this may just be a Media Storm in a Teacup!

Oddly enough, this problem of children being able to access these inappropriate websites is not new and was the main concern of acting principal of St James High, Denzil Reid in December 2014 as noted in the article “Early Hiccups For 'Tablets In Schools' - Education Minister, E-Learning Not Alarmed By Teething Pains”, published Sunday December 14, 2014, The Jamaica Gleaner.

To quote acting principal of St James High, Denzil Reid: “We were extremely happy to know that we got such devices, but it has caused some negative things to happen. Because the students have the tablets now they don't want to go to class as before, because they want to hide away to use it. I can't even say for negative things because we haven't found anybody visiting those negative or undesirable sites, so to speak, because they always run when you are coming”.

This is putting the JA$1.4 billion taken from the USF (Universal Service Fund) back in 2013 to finance the TIS Project, which is a part of the E-Learning II Project in jeopardy as noted in the article “$1.4b To Finance Tablet Computers In Schools Programme”, Published Thursday December 19, 2013, The Jamaica Gleaner.

Many of them might have peers that attend other high schools as many are from the same communities; they can easily share what they’ve figured out in trying to access these inappropriate websites and thus increase their chances of breaching the CMS (Content Management System) on these Tablets.

So the question begs, how does one access blocked websites on Tablets?

How to Access Blocked Websites on an Android Device – Firefox and Opera Mini Browsers

Good to get the obvious out of the way; these Tablets are not Branded Tablets i.e. Asus, Lenovo, Huawei, as I’d speculated in my blog article entitled “Tablet In Schools Project launched for September 2014 – How Teachers Benefit as Female interest in ICT Industry Blossoms”, but Generic “white Label” Chinese Tablets that have been rebranded by each of the four (4) contractors for the TIS Project.

This means simply put, they are Tablets running Google Android, most likely Google Android 4.3 Jellybean or Google Android 4.4 Kitkat.

Which means the security settings to secure your child’s table s described in my blog article entitled “How to Lock down your Child’s Tablet or smartphone and Apps to Block, Protect and Notify you of your Child’s whereabouts Online - Defense Against the Dark Arts” can be bypassed.

The CMS that the contractors installed on the Tablets disabled the Google Play Store as well as access to inappropriate websites using a white list of these websites. I know this as I was involved in a phone interview discussion hosted on Nationwide News Fm 90 on Thursday 6:45pm Thursday 5th of March 2015 where the topic of discussion was Tablets in TIS Project being hacked.

I had explained during that phone interview that the students may have side-loaded Apps onto the Tablets that allowed them to gain access to the Internet such alternative Browsers such as Mozilla Firefox or even the Opera Browser as explained in my Geezam blog article entitled “Opera Mini Browser continues to be Growing Strong as smartphone Growth marches forward”.

The Opera Mini Browser is also popular on Blackberry and smartphones and is available on certain Nokia smartphones such as the Nokia X Series Smartphone s as reported in my blog article entitled “Opera Browser for Nokia X Series – Discovery with Opera Turbo is a Speed Dial Away as Opera is Riding West”.

How to Access Blocked Websites on a Android Device – Free VPN Apps side-loaded via MicroSD Cards

Another alternative is that they can also side-load VPN (Virtual Private Network) apps such as Hola Free VPN that would allows them to bypass any Internet setting set by the CMS as noted in the article “How to Access Blocked Websites on an Android Device”, published November 19, 2014 by TechVerse.

A VPN is really you logging into the ISP (Internet Service Provider) in another country, thus making it appear that you’re accessing the internet from their ISP and not your local ISP from your Telecom Provider as explained in my blog article entitledHow to find Free TV online and how to Stream from Hulu or Netflix in Jamaica - Jamaican Pirate of the Caribbean on Stranger Tides Streaming Restricted US Content”.

For this reason, persons who work online in the USA but reside in Jamaica often use a VPN to mask their actual location, getting the best of American Content as well as Online Jobs as explained in my blog article entitled “Surfing the Internet Anonymously using VPN - How to use Streaming Set Top Boxes over VPN”.

Hola Free VPN is one of many VPN Apps on the Google Play Store that you can download as note d in the article “The best free VPN services of 2015 for UK users: access blocked sites and surf the web anonymously”, published 06 March 15 By Mike Bedford, PC Advisor.

These Apps than be downloaded on a different smartphone or tablet, save on MicroSD Card and then side-load into a Google Android Tablet.  I’ve compiled a list of all the “free” VPN that can be used by Smartphone and Tablet users to access blocked services on a Telecom Providers 3G or 4g LTE Network:

1.      Cyberghost
2.      Hideman VPN
3.      Hola Free VPN
4.      Hotspot Shield
5.      Private Tunnel VPN
6.      TunnelBear

Please note that these VPN aren’t really “free” by trialware; after a while they’ll start wanting to upgrade you to a paid version or ask you to pay for premium service. So it’s not entirely free, but just “free” enough to allow you to visit that website that’s being blocked from your eyes.

VPN’s are great for not only masking your IP Address but for bypassing blocked features such as VoIP Calling as was the case when Digicel Blocked Viber back in June 2014 as reported in my blog article entitled “Digicel blocks VoIP Services Viber and Nimbuzz in Haiti - Digicel losing International Calling Revenue but will be worse when WhatsApp comes

Anecdotal reports at the time suggested that a lot of persons were using VPN on their smartphones to get around Digicel’s blockade of Viber, accessing the Internet from a Different IP address or Logical Ports over the Internet to make free Calls.

If many of those persons were teenagers, they may have transferred that knowledge to Tablets and thus have figured out or were shown by adults how to use VPN to bypass the CMS on the Tablets and access these inappropriate websites.

How to Access Blocked Websites on a Android Device – Custom Google Drive, Dropbox Links

Finally, if they are tech-savvy enough, they can also download the content from these websites e.g. Porn video to High School sex video on a different computer at home.

They can then and share them via a Dropbox or Google Drive hyperlink, appropriately shortened using a URL shortener as explained in my blog article entitled “How to use Dropbox, Google Drive and Sound File Sharing Websites to Share and Promote your Content online - Sharing is Caring”.

These are custom URL that are difficult to block, as the teacher may also wish to share valuable content or even several Dropbox folder with Homework as explained in my blog article entitled “How to share Public Dropbox Folders, allowing Downloads from your Dropbox Account - Sharing is Caring up in the Clouds”, making them very difficult to white list.

TIS Tablets not hacked, just VPN access – Whitelist needs to include VPN to avoid Problem spreading

So in finishing, this isn’t a hack, merely a lack of education on the part of the Administrators of the TIS Project of the Parents and Students.

Parents need to be vigilant, learn about the Technology and take interest in their child’s Tablet usage as noted in my blog article entitled “How to Lock down your Child’s Tablet or smartphone and Apps to Block, Protect and Notify you of your Child’s whereabouts Online - Defense Against the Dark Arts”.

This involvements is something that the four (4) Contractors may have failed to reinforce in their training sessions with the parents and students, as Technology peeps aren’t exactly strong on the pedagogy and Andragogy or teaching Adults how to use Smartphones, Tablets and Laptops.

These four (4) contractors hired by the Ministry of Science, Technology, Energy and Mining need to get on top of the situation before it grows to more than 10%.

If it blossoms beyond 10% of the Tablet population then this storm in a Teacup that may become a mini-scandal on the same level as Minister of Youth and Culture Lisa Hanna involving the presence of Sexual Education Text in Children’s Homes that was a big ticked news item back in June 2014 as reported in the article “Hanna wants report on sex education programme in children's homes”, published Tuesday, June 17, 2014, The Jamaica Observer.

JFJ (Jamaica for Justice), a non-profit NGO (Non Governmental Organization) concerned with seeking Justice for the disenfranchised Jamaican, soon lost its head when the Former Executive Director Carolyn Gomes quit the Executive Board as reported in the article “Gomes Goes - JFJ Apologises For Sex Education Course, Former Executive Director Quits Board”, Published Wednesday June 18, 2014, The Jamaica Gleaner.

This may be the fate of those involved in the TIS Project if the 10% threshold of “hacking” the Tablets to access inappropriate websites, which may include pornography, gets out of control.



No comments:

Post a Comment

Please register and leave you comments. For contact, leave an email or phone number and I'll be sure to get back to you.