Software developer dad discovers security flaw in school tablet software


A concerned dad has reported a flaw in government-issued LearnPad educational tablets after realizing anyone could access a child through the Microsoft Teams communication platform, potentially exposing them to grooming and child abuse. online bullying.

Swen Kalski, a father of three and also a software developer, realized that he could access one of his son’s school Teams accounts using his personal email address due to the lack of security configuration.

Asked about this, a Department of Education spokesperson said: “Discussions are ongoing with Microsoft leading to the possibility of adding a new feature in MS Teams to improve the platform so that iLearn accounts are not visible and searchable.

“It will take time as a new feature needs to be rolled out globally by Microsoft.”

The spokesperson added that Teams is used to provide access to parents by facilitating communication between them and schools for the benefit of their children’s academic progress.

The One tablet per child program was rolled out during the 2016-17 school year.

Since then, tablets have been distributed free of charge to all 4th graders in public, religious and independent schools.

All this cost 12 million euros, 80% of which was financed by the European Social Fund.

The security flaw

When the coronavirus pandemic hit in March 2020 and kids finally resorted to online teaching, tablets became a portal to the online classroom through Microsoft Teams.

Kalski, whose children are ages four, eight and 10, noticed they could also be a potential doorway for abuse when he looked into a problem with his child’s tablet.

His eldest son’s Teams account was accidentally set to the wrong class and school.

“During my investigation, I checked if it was possible to contact my child with an anonymous account in LearnPad teams provided by the Ministry of Education,” he said.

“It is possible for everyone to come into contact with our children. The doors of grooming and child abuse are wide open to all children using accounts,” he added.

Kalski noted that one had to know the child’s email address to access the system, but a particular format used by schools made this easy to decipher.

Struggling to be heard

As he tried to solve the problem, he was tossed between the Ministry of Education, the Institute of Education and the Center for Digital Literacy, he said.

Kalski reported the issue to the ministry but got no response, so he wrote about it on his blog,, and contacted Malta weather.

He now calls for a central point of contact where such uses could be raised and addressed.

Independent journalism costs money. Support Times of Malta for the price of a coffee.

Support us


Comments are closed.