What's Behind the iPad Hack at Los Angeles High Schools?
When 340 high school students figured out how to remove mobile device management software from their iPads, they did more than gain access to social networks and banned websites. They exposed what can go wrong with Apple's approach to supporting companies and schools looking to deploy and manage thousands of iPads.
Tue, October 01, 2013
CIO — Last week, more than 300 students across three high schools in the Los Angeles Unified School District (LAUSD) brought their school-issued iPads home and hacked into them, probably to download juicy blacklisted apps and access banned websites.
Well, "hacked" might be a strong word. Students simply removed their mobile device management (MDM) software profile—an easy enough thing to do—which also got rid of Apple's Global Proxy that ensures traffic goes through a Web filter. It wasn't much of a hack; it took only a couple of finger taps.
The Los Angeles Times reported the story, which was picked up by other media, and LAUSD suddenly found itself in hot water. Headlines screamed: "Students find ways to thwart school iPad security" (rtv6) and "Students gleefully teach admins that mobile device management is hard" (Ars Technica).
Seemingly caught by surprise, LAUSD threw together an official response. Superintendent John Deasy quickly ordered a moratorium on allowing iPads to leave campus until the district could make sure that the problem was solved and that students would use the devices safely and appropriately.
What really happened at LAUSD?
In truth, we don't know; LAUSD would not respond to questions. But our best guess is that LAUSD had come to a fork in the road in its massive iPad rollout and was forced to choose the lesser of two evils. One path required a lot of work; the other was less secure. In the background, Apple was working on a fix that would render a decision moot. LAUSD took the latter path, hoping Apple's fix would come soon.
The gamble didn't pay off, and LAUSD took some bad press. To be fair, the sensationalism overshot the severity. After all, 340 high school students had access to unfiltered iPads for a single evening. By removing MDM profiles, students triggered an automatic alert to the IT department, and the matter was probably resolved the next school day. No big deal.
Students Teach Apple a Lesson
But the entire episode is worth analyzing as a bold chapter in the fast-evolving story of iPads in the enterprise. It's an example of what can go wrong with Apple's on-again-off-again love affair with companies and schools trying to support thousands of iPads.
Earlier this summer, LAUSD told the Los Angeles Times that it was spending $30 million to provide 35,000 iPads to students in 47 schools. Then CIO.com sister site CITEworld broke the news that this was only the first leg of a much larger rollout. The master plan called for all 640,000 students to have an iPad by the end of next year—one of the largest deployments of its kind.