Skip to content
ADVERTISEMENT
Sign In
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Virtual Events
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
  • More
  • Sections
    • News
    • Advice
    • The Review
  • Topics
    • Data
    • Diversity, Equity, & Inclusion
    • Finance & Operations
    • International
    • Leadership & Governance
    • Teaching & Learning
    • Scholarship & Research
    • Student Success
    • Technology
    • Transitions
    • The Workplace
  • Magazine
    • Current Issue
    • Special Issues
    • Podcast: College Matters from The Chronicle
  • Newsletters
  • Virtual Events
  • Ask Chron
  • Store
    • Featured Products
    • Reports
    • Data
    • Collections
    • Back Issues
  • Jobs
    • Find a Job
    • Post a Job
    • Professional Development
    • Career Resources
    • Virtual Career Fair
    Upcoming Events:
    Hands-On Career Preparation
    An AI-Driven Work Force
    Alternative Pathways
Sign In
Student Surveillance

A Vulnerability in Proctoring Software Should Worry Colleges, Experts Say

By Taylor Swaak January 6, 2022
trendsmangan-web-full-bleed.jpg
Harry Haysom for The Chronicle

A vulnerability detected last year in an online-proctoring software used by more than 2,000 American colleges is raising new alarm bells for experts, who say that too many institutions — eager to assure the academic integrity of online assessments — have failed to evaluate those platforms and weigh the risk of cyberattacks.

“Security experts and cybersecurity experts have been talking about this being a concern” with online proctoring, “but it really hasn’t been reflected in the general conversation,” said Calli Schroeder, a privacy lawyer with the Electronic Privacy Information Center. And that’s “detrimental.”

To continue reading for FREE, please sign in.

Sign In

Or subscribe now to read with unlimited access for as low as $10/month.

Don’t have an account? Sign up now.

A free account provides you access to a limited number of free articles each month, plus newsletters, job postings, salary data, and exclusive store discounts.

Sign Up

A vulnerability detected last year in an online-proctoring software used by more than 2,000 American colleges is raising new alarm bells for experts, who say that too many institutions — eager to assure the academic integrity of online assessments — have failed to evaluate those platforms and weigh the risk of cyberattacks.

“Security experts and cybersecurity experts have been talking about this being a concern” with online proctoring, “but it really hasn’t been reflected in the general conversation,” said Calli Schroeder, a privacy lawyer with the Electronic Privacy Information Center. And that’s “detrimental.”

Computest, a Dutch cybersecurity-consulting company, ran tests on one such provider, Proctorio, last June, and found a vulnerability — now fixed — within the software’s browser extension. As Computest’s head of security research, Daan Keuper, explained it, if attackers had lured someone who had the extension installed to an attacker-owned website — perhaps through email or Instagram messaging — they could have enabled the extension and exploited that vulnerability, allowing them to open email, take screenshots, and activate the user’s webcam, among other things.

The problem was in the software itself, so “everyone who had this software installed was at risk,” Keuper confirmed in an email. The Dutch news outlet RTL News first reported on the vulnerability in December; no U.S. federal laws require public disclosure in such cases.

A spokesman for Proctorio, which has contracts with roughly 2,400 American colleges, said the company had promptly fixed the vulnerability, within a week of notification, and had found no indication that anyone other than Computest had discovered or exploited it. The spokesman also referred The Chronicle to the company’s blog post, published on Wednesday, that discusses the matter and highlights Proctorio’s partnership with HackerOne, an independent ethical-hacker community that finds and reports security weaknesses.

For some experts and faculty members, the news of the vulnerability isn’t surprising. “It was just a matter of time,” said Chris Gilliard, a visiting research fellow at Harvard and an advocate for digital privacy. Online-proctoring software itself, he believes, is essentially “malware” to begin with.

Nonetheless, the discovery has left those observers even more skeptical that students are secure when using these tools. “Has anyone hacked into” such software, asked Maritez Apigo, an English professor at Contra Costa College, “and it just never hit the news?”

Rapid Growth

The use of online-proctoring tools has exploded since colleges went remote in the spring of 2020. Proctorio’s business reportedly increased ninefold from April 2019 to April 2020, with nearly three million active weekly users as of March 2021. It and other proctoring companies — such as Honorlock and ProctorU — permeated the news cycle just as quickly, drawing widespread ire over concerns with student stress and allegations of bias against people with disabilities or darker skin tones. Students at more than a dozen universities, including the City University of New York, the University of Wisconsin at Madison, and Washington State University, have circulated petitions protesting the use of the tools.

Cybersecurity has been largely absent from the discourse, though colleges have simultaneously grappled with a rise in cyberattacks. Microsoft Security Intelligence data show that “Education” is the industry most threatened by malware right now, making up 82.3 percent of reported cases in the last 30 days, as of Thursday.

ADVERTISEMENT

(At least one online-proctoring company, ProctorU, had previously reported a data breach, in 2020 — an incident in which a hacker posted the records of nearly 450,000 people registered with the service, including their email addresses, full names, street addresses, and phone numbers. The impact, if any, of that breach still isn’t clear.)

Schroeder hopes news of the Proctorio vulnerability will spur colleges to move away from online proctoring. So far, she’s been disappointed that many are still leaning on the tool, and not exploring alternative testing methods such as open-book and project-based assessments. While Covid-19’s Omicron variant is once again causing sudden moves to temporary online instruction, colleges should be ready by now, she said.

“I very much sympathize with the fact … that colleges were making the best choice [they] could very quickly” when Covid-19 first hit, she said. But “now that we’ve had more time, and it looks like this may be a more ongoing situation … you don’t really get the excuse of saying ‘We had to make a quick call’ anymore. You need to be able to pull back and re-evaluate.”

Where Do Colleges Stand?

The Chronicle researched about two dozen colleges that — according to Google-search data of “.edu” sites compiled by Royce Kimmons and George Veletsianos, faculty members at Brigham Young University and Royal Roads University, respectively — produced the most web-page results mentioning Proctorio. We asked the colleges whether this development had influenced how they thought about online proctoring.

ADVERTISEMENT

One, Utah State University, said it remained “confident” in the tool’s security, noting that Proctorio conducts daily vulnerability scans. The software has “been positive for our students to be able to continue their educational goals” during the pandemic, a spokeswoman added via email.

Other replies were more ambiguous. At least six of the colleges no longer use the tool, though it wasn’t clear whether that decision stemmed from cybersecurity concerns.

The 23-campus California State University system, which says it has been moving away from the use of online proctoring since 2020, stated that it would not renew its Proctorio agreement, which expires in September. It would, however, allow individual campuses to contract with Proctorio directly.

All that confirmed they had agreements with Proctorio said the software was not mandatory. A few also noted low usage: A spokesman at the University of Wisconsin at Milwaukee, for example, wrote in an email that it “does utilize Proctorio software, but in a limited way,” with 115 of some 8,400 courses — less than 2 percent — using the software during the fall-2021 semester.

ADVERTISEMENT

So why keep an online-proctoring software if usage is low and controversy is high? The answer is complicated.

Many colleges and their faculty members remain worried about academic integrity — in the summer of 2020, at least, 93 percent of nearly 800 surveyed instructors said they believed online exams encouraged cheating. Cassidy Creech, a marketing lecturer at Utah State, said that while he uses hands-on, project-based assessments for most classes, Proctorio has been a “valuable” tool for him in one gateway course, where many students remain online and he wants to ensure foundational knowledge before they move to upper-level courses.

“For me, honestly, it’s given me a level of assurance I need in the results — to have the confidence that everybody is playing on a level playing field,” he said.

Data proving that online-proctoring software curtails cheating is limited. Proctorio directed The Chronicle to an independent 2018 research study that identified lower test scores and shorter test times for proctored versus unproctored online exams. The authors suggested those findings indicated reduced instances of cheating. The study did not explore what role factors such as students’ anxiety with online proctoring might play in their performance.

ADVERTISEMENT

Economics probably explains some of the loyalty to online proctoring, Gilliard said. “Once institutions purchase a thing, they have to justify that purchase … you can’t just leave it on the shelf,” he said. Reporting by The New Yorker revealed some Proctorio contracts are worth around half a million dollars a year.

For the University of Texas at Austin, specifically, re-upping the service last year was a matter of not having a better option fleshed out when the contract came due for renewal. The university’s academic-integrity committee hadn’t yet weighed in, “nor did we have the alternative solutions for faculty,” a spokeswoman wrote in an email. The committee later recommended strongly that the university not use the software.

Experts point to numerous ways faculty members can foster integrity with online assessments. They cite open-book or conceptual, essay-based exams as opposed to multiple choice, for example, or — simply — trusting students more.

The committee at UT-Austin also recommends numerous short tests throughout a semester, with each test having a relatively low impact on the final grade, or Zoom-proctored exams for classes of fewer than 49 students. Apigo said she’d seen colleagues at Contra Costa College, a two-year institution in California, embrace creative assignments, too; for example, asking students in a biology course to communicate what they know about a particular disease by designing brochures.

ADVERTISEMENT

Such approaches may better reflect the skills needed in the postgraduate work force, Gilliard said.

“In the real world, people don’t mostly sit in a room in a timed session under the eye of cameras.”

We welcome your thoughts and questions about this article. Please email the editors or submit a letter for publication.
Update (Jan. 7, 2022, 2:09 p.m.): This article has been updated to provide more information about California State University's use of online proctoring.
Tags
Technology Teaching & Learning Online Learning Innovation & Transformation
Share
  • Twitter
  • LinkedIn
  • Facebook
  • Email
swaak-taylor.jpg
About the Author
Taylor Swaak
Taylor Swaak is a senior reporter at The Chronicle of Higher Education, covering how institutions are harnessing technology to innovate. She focuses on college partnerships with ed-tech companies and the growing use of artificial intelligence across different administrative functions of higher ed, aiming to hold colleges accountable as well as highlight success stories.
ADVERTISEMENT
ADVERTISEMENT

More News

Photo-based illustration of scissors cutting through a flat black and white university building and a landscape bearing the image of a $100 bill.
Budget Troubles
‘Every Revenue Source Is at Risk’: Under Trump, Research Universities Are Cutting Back
Photo-based illustration of the Capitol building dome topping a jar of money.
Budget Bill
Republicans’ Plan to Tax Higher Ed and Slash Funding Advances in Congress
Allison Pingree, a Cambridge, Mass. resident, joined hundreds at an April 12 rally urging Harvard to resist President Trump's influence on the institution.
International
Trump Administration Revokes Harvard’s Ability to Enroll International Students
Photo-based illustration of an open book with binary code instead of narrative paragraphs
Culture Shift
The Reading Struggle Meets AI

From The Review

Illustration of a Gold Seal sticker embossed with President Trump's face
The Review | Essay
What Trump’s Accreditation Moves Get Right
By Samuel Negus
Illustration of a torn cold seal sticker embossed with President Trump's face
The Review | Essay
The Weaponization of Accreditation
By Greg D. Pillar, Laurie Shanderson
Protestors gather outside the Pro-Palestinian encampment on the campus of UCLA in Los Angeles on Wednesday, May 1, 2024.
The Review | Conversation
Are Colleges Rife With Antisemitism? If So, What Should Be Done?
By Evan Goldstein, Len Gutkin

Upcoming Events

Ascendium_06-10-25_Plain.png
Views on College and Alternative Pathways
Coursera_06-17-25_Plain.png
AI and Microcredentials
  • Explore Content
    • Latest News
    • Newsletters
    • Letters
    • Free Reports and Guides
    • Professional Development
    • Virtual Events
    • Chronicle Store
    • Chronicle Intelligence
    • Jobs in Higher Education
    • Post a Job
  • Know The Chronicle
    • About Us
    • Vision, Mission, Values
    • DEI at The Chronicle
    • Write for Us
    • Work at The Chronicle
    • Our Reporting Process
    • Advertise With Us
    • Brand Studio
    • Accessibility Statement
  • Account and Access
    • Manage Your Account
    • Manage Newsletters
    • Individual Subscriptions
    • Group and Institutional Access
    • Subscription & Account FAQ
  • Get Support
    • Contact Us
    • Reprints & Permissions
    • User Agreement
    • Terms and Conditions
    • Privacy Policy
    • California Privacy Policy
    • Do Not Sell My Personal Information
1255 23rd Street, N.W. Washington, D.C. 20037
© 2025 The Chronicle of Higher Education
The Chronicle of Higher Education is academe’s most trusted resource for independent journalism, career development, and forward-looking intelligence. Our readers lead, teach, learn, and innovate with insights from The Chronicle.
Follow Us
  • twitter
  • instagram
  • youtube
  • facebook
  • linkedin