Some of the laptops issued by the Department for Education (DfE) to support remote education for disadvantaged young people contain malicious software, according to the online forum EduGeek.
The issue was raised by staff at a Bradford-based school, who claimed that the devices dished out to vulnerable learners in response to the COVID-19 pandemic were contaminated by malware connected to Russian servers.
An email from Bradford Council to local school leaders, which has been shared on the forum, states: “We have been made aware of the following issue from a Bradford School. They have just received their final assignment of Windows laptops from the DfE. The laptops are Geo Geobooks 1E.
“Upon unboxing and preparing them it was discovered that a number of the laptops are infected with a self-propagating network worm (Gamarue.I). The network worm looks like it contacts Russian servers when active.”
The email goes on to explain that the malware was discovered in an infected file, which seemed to have been modified in December 2019 – not long after the device had been manufactured.
It is thought that the software installs spyware, which can gather data on browsing habits and, worryingly, personal information such as banking details.
The DfE is said to have launched an official investigation into the matter, with an official telling BBC News: “We are aware of an issue with a small number of devices. And we are investigating as an urgent priority to resolve the matter as soon as possible.
“DfE IT teams are in touch with those who have reported this issue,” they said, adding that they do not believe the issue to be “widespread”.
The laptops have been provided as part of a government initiative to lessen the impact of the digital divide in UK schools, and allow learning for vulnerable pupils to continue while school sites remain closed.
You might also like: National Grid donates 1,000 laptops to support home learning amid COVID-19
Education secretary Gavin Williamson recently announced an extension to the scheme, which now reportedly aims to provide an additional 300,000 children with devices.
Mr Williamson noted that this extension would see a further 1.3m young people receive devices by the end of the month.
In response to these findings, Brian Higgins, security specialist at Comparitech, has issued the following statement: “Whilst it is unclear where these particular laptops were sourced, it is absolutely vital that anyone seeking to source devices, whether they are bought using sponsorship or donated directly, be fully aware of the risk that they may contain dormant or active malicious software and research appropriate methods to make them safe before they are distributed to homes and families.
“The potential for malicious software to be used against recipients is not limited to the children for which the devices are intended, as access to the internet will no doubt be useful for other family and friends outside of school hours. I would highly recommend that anyone distributing devices include some information about online safety. The National Cyber Security Centre offer free advice on secure home working and the use of online conferencing services such as Zoom and Teams.
“If anyone is in doubt about the safety and security of devices provided for educational purposes, they should contact the Department for Education IT team for advice before distribution.”