At the Defcon hacker conference in Las Vegas, the 18-year-old Bill Demirkapi presented his findings after doing three years of research on two software which were being used by his school for education and other purposes. He was able to discover a loophole in the software which could allow a hacker to gain access to data of 5 million students.
Bill Demirkapi found vulnerabilities in the two software. This two software was developed by Blackboard and Follet. The security flaw found in the software developed by Blackboard could be used by a hacker to gain access to 5 million records of students and teachers including student grades, immunization records, cafeteria balance, schedules, cryptographically hashed passwords and photos.
Bill disclosed the vulnerability found in the two software to the tech companies who created the two software. After knowing the bug, both the tech firms fixed the flaw and confirmed that the security bug found in their software was not exploited even once and they also did not find any sign of records being leaked before.
How did it all start?
Bill Demirkapi started exploring the two software when he was in standard 10th standard. He used to did this due to boredom and curiosity that he possessed about cybersecurity. He said, “I have a passion to, I guess, break things. I really wanted to learn about web application testing, so I thought, well, how cool would it be to test on my own school’s grading system?”.
Besides doing all these, he also used his technical knowledge to exploit the college admission software developed by Follet. He changed his admission status from “pending” to “accepted”.
Bill also said that when he tried to contact the tech firms to tell about the bugs which he discovered while exploring the school software developed by them, the company didn’t take seriously and ignored his claims. So, to grab the attention, he decided to do something else related to hacking which would prove that he is not lying or making fun of anything.
He created a group resource in his school’s account in the Follet’s software and sent a push notification to everyone in his school using the Follet’s software. The push notification included a message in which he wrote, “Hello from Bill Demirkapi 🙂”. He was suspended for 2 days after getting caught by the school authority.
Bill also made a decision of applying for a job in Blackboard tech company for the post of a new chief information security officer. But, later he dropped this idea and joined the college for further studies.