Senior Winston Howes has pinpointed three major issues he worries could be exploited by hackers.
“It’s possible for anyone to see anyone’s grades across campus. It’s possible to change anyone’s grades on campus. On top of that, it’s also possible to view anyone’s financial information, from financial aid to information that parents or whoever are using to pay tuition,” he said.
Howes said he first noticed the issues in August 2013 while working on creating a new version of ConnectCarolina, known as ConnectCarolina 2.0, as a personal project.
“In order to build ConnectCarolina 2.0, I had to really dig around inside ConnectCarolina to learn how it’s working from the inside out,” Howes said. “(The issues) I found sort of spooked me.”
Howes said the University didn’t believe the weaknesses existed until he showed them how they could be exploited.
“I reported a bunch of security holes to UNC, and they told me they were working on them,” he said. “But when I came back around Christmastime, I had a meeting with ITS and the Dean of Students and I realized that none of these security holes that I’d brought up had been fixed at all.”
Susan Kellogg, deputy chief information officer for ITS, emphasized that while ITS takes all security concerns seriously, Howes’ accusations were “quite strong.”
“We’re also not aware that someone can view a student’s financial information unless that student has given them access to do so,” Kellogg said.