Difference between revisions of "Respondus LockDown Browser"

From the Linux and Unix Users Group at Virginia Teck Wiki
Jump to: navigation, search
imported>Echarlie
(References)
imported>Pew
 
(10 intermediate revisions by 2 users not shown)
Line 38: Line 38:
 
by <em>engag[ing] in any activity that might be purposefully harmful to systems or to any information stored thereon...</em>, however
 
by <em>engag[ing] in any activity that might be purposefully harmful to systems or to any information stored thereon...</em>, however
 
its use is not widespread enough for this to gain any note.
 
its use is not widespread enough for this to gain any note.
 +
 +
There is a further extension to Respondus LockDown, called Respondus Monitor
 +
<ref>http://respondus.com/products/monitor/</ref> that allows the proctor to spy on users through their webcam.
  
 
==Running the Software==
 
==Running the Software==
Line 50: Line 53:
 
===Natively (Windows or OS X)===
 
===Natively (Windows or OS X)===
 
To run on Windows, the software requires administrative privileges. Previous versions were shown to have used Internet Explorer with certain modifications
 
To run on Windows, the software requires administrative privileges. Previous versions were shown to have used Internet Explorer with certain modifications
executed on the fly, to add the "Lock Down" features, however it currently appears to be a stand-alone browser with some resemblance to Google's Chrome.
+
executed on the fly, to add the "Lock Down" features, however it currently appears to be a stand-alone browser with some resemblance to Google's Chrome. On both OS X and Windows, it is based off of the open-source Chromium
 +
<ref>http://respondus.com/products/lockdown-browser/requirements.shtml</ref>, although previous OS X versions are
 +
believed to have piggybacked off of Safari features. On Windows, the running user must have administrative privileges to run the student edition, however administrative privileges are not necessary to run the browser on OS X.
  
On Mac OS X, it requires that <em>The Safari browser must be configured to the minimum requirements for the Learning Management System being used</em>,
+
A version for iOS (iPad-only) is also available, as well as a version for centrally managed Chromebooks for education (k-12).
<ref>http://respondus.com/products/lockdown-browser/requirements.shtml</ref>
 
indicating that it piggybacks off of Safari features, although it is unknown if it requires administrative privileges on Mac OS X.
 
  
A version for iOS (iPad-only) is also available.
+
== Analysis ==
 +
Only cursory analysis has been done thus far, as the author of this article doesn't have a native windows box to run Respondus on. It appears that on launch, it first connects to an unencrypted http server running in AWS, presumably to check if the version is current, then it checks if it is in a virtualized environment.
  
 
==Other Notes==
 
==Other Notes==
Line 62: Line 66:
 
* No support for U2F -- requires second (expensive) device for other [[gp:2FA|2 Factor Authentication]] methods
 
* No support for U2F -- requires second (expensive) device for other [[gp:2FA|2 Factor Authentication]] methods
 
* Easily circumvented
 
* Easily circumvented
** Most students have second computer (i.e. Smartphone), which can be used for cheating (i.i. Google searching)
+
** Most students have second computer (i.e. Smartphone), which can be used for cheating (i.e. Google searching)
 
** Circumvention methods disadvantage students of lower income, who do not have second device.
 
** Circumvention methods disadvantage students of lower income, who do not have second device.
 
* No Linux version, disadvantaging students promoting the use of <b>free software</b>
 
* No Linux version, disadvantaging students promoting the use of <b>free software</b>
 
* Does not prevent collaboration in out-of-class testing
 
* Does not prevent collaboration in out-of-class testing
* Superfluous for in-class testing, where students are visually monitored anywas
+
* Superfluous for in-class testing, where students are visually monitored anyway
 
** At most just promotes lazy proctoring of exams
 
** At most just promotes lazy proctoring of exams
 
* Cannot take multiple tests within a single session
 
* Cannot take multiple tests within a single session
 
* Requires administrative privileges which may not be available on multi-user machines
 
* Requires administrative privileges which may not be available on multi-user machines
 +
* Hostile to users of password managers
 +
 +
=== Open questions on debugging ===
 +
* Is a TLS cert chain bundled, or can it be MITMed?
 +
* What kind of protocol does it use to authenticate that it is respondus
 +
** A Kerberos-like protocol would be optimal, but I'd be surprised if they did it
 +
* Does the binary do any integrity checks?
 +
* Does qemu-only emulated devices adequately obfuscate that it runs in a VM? Doesn't seem to
  
 
==References==
 
==References==
 
<references/>
 
<references/>
  
[[Category:Campus bugs]]
 
 
[[Category:Software]]
 
[[Category:Software]]
[[Category:Proprietary course software]]
 

Latest revision as of 04:05, 4 January 2018

Respondus LockDown Browser is a piece of proprietary online testing software developed by Respondus, Inc, and used by departments, including the Department of Engineering Education. Success in running under Wine varies from version to version, and may involve complex installation procedures, and the software actively prevents itself from running in a virtual machine.

Official Description

From the Product page:

LockDown Browser® is a custom browser that locks down the testing environment within Blackboard, ANGEL, Brightspace by D2L, Canvas, Moodle, and Sakai. When students use LockDown Browser they are unable to print, copy, go to another URL, or access other applications. When an assessment is started, students are locked into it until they submit it for grading. Available for Windows, Mac and iOS [sic].

Features Bugs

  • Integrates with Blackboard, ANGEL, Brightspace by D2L, Canvas, Moodle, and Sakai
  • Assessments are displayed full-screen and cannot be minimized
  • Assessments cannot be exited until submitted by users for grading
  • Task switching or access to other applications is prevented
  • Print, Print Screen and capturing functions are disabled
  • Copying and pasting anything to and from an assessment is prohibited
  • Screen capture, messaging, screen-sharing, virtual machine, and network monitoring applications are blocked from running
  • Right-click menu options and function keys are disabled
  • Browser menu and toolbar options are disabled, except for Back, Forward, Refresh and Stop
  • Source code for the HTML page cannot be viewed
  • The browser automatically starts at the login page for the institution’s learning management system
  • URLs cannot be typed by the user
  • External links don’t compromise the locked testing environment
  • Pages from the assessment are not stored on the computer after exiting
  • Assessments that are set up for use with LockDown Browser cannot be accessed with other browsers
  • Localized for multiple languages, including English, Spanish, French, German, Italian, and Portuguese
  • Available for both Windows and Mac computers, as well as iPad

Malware

LockDown requires administrative privileges to run, and cannot be run as an unprivileged user. Features of the browser could be construed to violate Virginia Tech Acceptable Use Policy by engag[ing] in any activity that might be purposefully harmful to systems or to any information stored thereon..., however its use is not widespread enough for this to gain any note.

There is a further extension to Respondus LockDown, called Respondus Monitor [1] that allows the proctor to spy on users through their webcam.

Running the Software

Wine

There are multiple tutorials available by a quick web search which claim to get this working in Wine, however, to date, no member of VTLUUG has succeeded in doing so and existing information indicates it varies by version of the browser.

Virtual Machine (KVM)

This refuses to run in a Virtual Machine. It may be possible to add the -cpu kvm=off flag to Qemu to prevent it from detecting a virtualized environment, but this has not been tested to date. It may also be necessary to disable Virtio drivers and devices.

Natively (Windows or OS X)

To run on Windows, the software requires administrative privileges. Previous versions were shown to have used Internet Explorer with certain modifications executed on the fly, to add the "Lock Down" features, however it currently appears to be a stand-alone browser with some resemblance to Google's Chrome. On both OS X and Windows, it is based off of the open-source Chromium [2], although previous OS X versions are believed to have piggybacked off of Safari features. On Windows, the running user must have administrative privileges to run the student edition, however administrative privileges are not necessary to run the browser on OS X.

A version for iOS (iPad-only) is also available, as well as a version for centrally managed Chromebooks for education (k-12).

Analysis

Only cursory analysis has been done thus far, as the author of this article doesn't have a native windows box to run Respondus on. It appears that on launch, it first connects to an unencrypted http server running in AWS, presumably to check if the version is current, then it checks if it is in a virtualized environment.

Other Notes

Actual Bugs

  • No support for U2F -- requires second (expensive) device for other 2 Factor Authentication methods
  • Easily circumvented
    • Most students have second computer (i.e. Smartphone), which can be used for cheating (i.e. Google searching)
    • Circumvention methods disadvantage students of lower income, who do not have second device.
  • No Linux version, disadvantaging students promoting the use of free software
  • Does not prevent collaboration in out-of-class testing
  • Superfluous for in-class testing, where students are visually monitored anyway
    • At most just promotes lazy proctoring of exams
  • Cannot take multiple tests within a single session
  • Requires administrative privileges which may not be available on multi-user machines
  • Hostile to users of password managers

Open questions on debugging

  • Is a TLS cert chain bundled, or can it be MITMed?
  • What kind of protocol does it use to authenticate that it is respondus
    • A Kerberos-like protocol would be optimal, but I'd be surprised if they did it
  • Does the binary do any integrity checks?
  • Does qemu-only emulated devices adequately obfuscate that it runs in a VM? Doesn't seem to

References