Schneier on Security
A blog covering security and security technology.
June 2, 2011
Man-in-the-Middle Attack Against the MCAT Exam
In Applied Cryptography, I wrote about the "Chess Grandmaster Problem," a man-in-the-middle attack. Basically, Alice plays chess remotely with two grandmasters. She plays Grandmaster 1 as white and Grandmaster 2 as black. After the standard opening of 1. e4, she just replays the moves from one game to the other, and convinces both of them that she's a grandmaster in the process.
Detecting these sorts of man-in-the-middle attacks is difficult, and involves things like synchronous clocks, complex cryptographic protocols, or -- more practically -- proctors. Proctors, of course, can be fooled. Here's a real-world attempt at this type of attack on the MCAT medical-school admissions test.
Police allege he used a pinhole camera and wireless technology to transmit images of the questions on a computer screen back to his co-conspirator, Ruben, at the University of British Columbia.
Investigators believe Ruben then tricked three other students, who thought they were taking a multiple choice test for a job to be an MCAT tutor, into answering the questions.
The answers were then transmitted back by phone to Rezazadeh-Azar, as he continued on with the test in Victoria, police allege.
And as long as we're on the topic, we can think about all the ways to hack this system of remote exam proctoring via webcam.
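As an added illustration, not part of the original post, here is a small Python simulation of the grandmaster relay together with the transcript-comparison check that the "synchronous clocks" idea implies: it assumes both grandmasters timestamp every move against a shared clock and later compare their records, and the opening moves are constructed samples.

```python
from typing import Dict, List, Tuple

# One move as recorded by a grandmaster: (move number, side, move, time seen).
# Timestamps assume the two grandmasters' clocks are synchronised.
Move = Tuple[int, str, str, float]

def simulate_relay(white_plan: List[str], black_plan: List[str],
                   hop: float = 0.5, think: float = 30.0) -> Tuple[List[Move], List[Move]]:
    """Alice plays GM1 as black (game A) and GM2 as white (game B) and never
    chooses a move herself: each move is forwarded after one network hop."""
    game_a, game_b, t = [], [], 0.0
    for n, (w, b) in enumerate(zip(white_plan, black_plan), start=1):
        t += think                        # GM1 (white) thinks, then moves in game A
        game_a.append((n, "white", w, t))
        t += hop                          # Alice replays it as her white move in game B
        game_b.append((n, "white", w, t))
        t += think                        # GM2 (black) thinks, then replies in game B
        game_b.append((n, "black", b, t))
        t += hop                          # Alice replays the reply as her black move in game A
        game_a.append((n, "black", b, t))
    return game_a, game_b

def simulate_honest(white_plan: List[str], black_plan: List[str],
                    think: float = 30.0) -> Tuple[List[Move], List[Move]]:
    """Control case: Alice plays both games herself on her own clock, so even
    identical move lists carry no 'opponent moved first' ordering."""
    game_a, game_b, t = [], [], 0.0
    for n, (w, b) in enumerate(zip(white_plan, black_plan), start=1):
        t += think
        game_a.append((n, "white", w, t))          # GM1 moves in game A
        game_b.append((n, "white", w, t - 1.0))    # Alice's own white move, before GM1's
        game_a.append((n, "black", b, t + 2.0))    # Alice's own black reply in game A
        game_b.append((n, "black", b, t + think))  # GM2 replies later in game B
    return game_a, game_b

def relay_evidence(game_a: List[Move], game_b: List[Move],
                   alice_side_a: str = "black", alice_side_b: str = "white") -> Dict[str, object]:
    """Relay signature: identical move lists, and every move Alice plays in one
    game was already played, strictly earlier, by her opponent in the other."""
    strip = lambda g: [(n, s, m) for n, s, m, _ in g]
    identical = strip(game_a) == strip(game_b)
    when_a = {(n, s, m): t for n, s, m, t in game_a}
    when_b = {(n, s, m): t for n, s, m, t in game_b}
    alice, relayed = 0, 0
    for game, side, other in ((game_a, alice_side_a, when_b), (game_b, alice_side_b, when_a)):
        for n, s, m, t in game:
            if s == side:
                alice += 1
                if other.get((n, s, m), float("inf")) < t:
                    relayed += 1
    return {"identical": identical, "alice_moves": alice, "relayed": relayed,
            "relay_likely": identical and alice > 0 and relayed == alice}

OPENING_WHITE = ["e4", "Nf3", "Bb5"]   # constructed sample line, not a real game
OPENING_BLACK = ["e5", "Nc6", "a6"]

if __name__ == "__main__":
    print(relay_evidence(*simulate_relay(OPENING_WHITE, OPENING_BLACK)))
    print(relay_evidence(*simulate_honest(OPENING_WHITE, OPENING_BLACK)))
```

The check only works after the fact and only if the two grandmasters pool their records, which is exactly why the post calls real-time detection hard.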
Posted on June 2, 2011 at 7:32 AM
The most trivial man-in-the-middle attack I can see here is just using one of the many remote desktop solutions, one that doesn't appear in the system tray, to have a confederate also taking the exam. With that and extensive use of keyboard hot-keys to fuzz detection, it would be trivial to have the confederate either click the "correct" answers or display them through a backchannel. Additional testing would be necessary to see if a chat program on a second monitor would register.
Another trivial attack would be on the identification. While they certainly "take a photo for the record" it would be interesting to see if they make that audit-trail available to the professor grading the exam.
As a professor, this type of "human proctoring" would be highly suspect. While it's not too bad monitoring an entire classroom, watching one student take an exam over a webcam would be an excruciatingly boring experience. There's little chance that the proctor would remain alert over the entire period. (As the other side of that though, the student should never know *when* the proctor isn't alert, which the video of the proctor slightly defeats.)
I would say the best protection is to work with the right incentives...
as in make the penalty for cheating severely high.
Higher than just failing the test.
Sadly that's not always possible.
The disincentive should be that the other test takers are allowed to beat you with blunt objects for causing all their tests to be invalidated and forcing them to take the test again.
Man I'd be pissed...
Hey, you forgot the best part!
"However, the would-be tutors became suspicious because of the poor quality of the images of the test questions, and the fact that they were allowed to discuss the question together before giving Ruben their answers.
When Ruben left the room to transmit some of the answers, the would-be tutors checked online and determined the MCAT exam was being held that day in locations around the world.
So the three students called campus security and began submitting wrong answers to the scammers while they waited for the officers to arrive and arrest Ruben."
@ChristianO "make the penalty for cheating severely high."
Do deterrents even work?
"make the penalty for cheating severely high." I think the penalty for cheating is pretty high. Being banned from taking the MCAT, and as a result banned from application to medical school.
"Another trivial attack would be on the identification." Not trivial. They ask you to send in pictures and fingerprints of yourself when you sign up for the exam. They repeat the process when you show up to take the exam. Of course you need a real photo ID when show up. Library card won't cut the mustard.
"using one of the many remote desktop solutions." I don't think you can go into the exam room, and install a remote desktop system on the exam computer. The computer may not even have an internet connection at the time of the exam.
How about sharing your desktop with the proctor *and* with a friend. The friend is willing to help. That friend can see your exam, type answers on his screen which is remotely displayed on another screen, visible to you, not visible on the webcam. You might even conceal it a little, so that if the proctor asks to look around with the webcam, it won't be too clear you're cheating.
It seems the only reason they got caught was their own amateurism. In a more professional set-up, or with either a tutor on their side, this could have gone on unnoticed. In fact, it wouldn't surprise me if the idea wasn't their own at all. Could well be that they copied this from someone else offering the same services as a cheaper alternative.
Interestingly enough, ProctorU gives the examinee control over most of the environment. By their own computer in their own room, the student has quite literally a home advantage. Panning the camera around won't change that much about it.
That being said, someone panning an iMac built-in camera around should have been a red flag from the start ;)
As people have noted, nothing in the stated rules for remote proctoring says anything about other screens or webcams in addition to the one being monitored. I'd consider hiding my second screen in plain sight but behind crossed polarizers, since this is my webcam we're talking about.
But the real question is what kind of exam we're talking about. If it's multiple choice, it's fairly easy to cheat with a confederate, but if it's even short-answer essay, much harder.
At some point, the effort needed to cheat exceeds the effort needed to just stuff and pass the damn thing legitimately, but students who have an interest in hacking exams probably aren't the best judges of that point.
I'd think studying for the exam would be far easier than going through all that trouble.
One of the other ways to detect cheats like this one is to put in questions that are not in the curriculum, and normally only answerable by someone already a Med student in year 2 or 3. If an MCAT taker gives the correct answer, it's a big red flag.
This isn't an "attack", it is merely information arbitrage.
"At some point, the effort needed to cheat exceeds the effort needed to just stuff and pass the damn thing legitimately"
It is really remarkable the effort some people will go to to cheat on exams. It's not at all unusual for the effort going into cheating to easily surpass the effort it would take to just memorize the information they're sneaking in...
I had a prof who encouraged students to bring a "cheat sheet" - a single 8x11 sheet of paper with whatever information we wanted written on it - into our exams. I found that the effort of figuring out what course information should most usefully be put onto that page was such a good study exercise that after spending hours preparing the thing, I hardly looked at it - the exercise of "cheating" required you to think about the course material in such a way that you didn't need to cheat anymore.
@ Bruce Schneier
Derren Brown did the best demonstration of this attack by playing nine chess masters simultaneously and winning a bunch of the games. Probably a trick to the next part but he also guessed the number of pieces that would be on the board at the end of the game. Dude's videos are awesome. It's on YouTube for free.
I'm always amused at the way people are irritated by "cheaters".
The reason is simple: People hate it when another member of their species has an advantage they don't have. It goes RIGHT to their primate hierarchical fear that someone else is "better" than they are which is DIRECTLY related to the fear of death. "Fairness" is just another word for "fear".
Human consciousness is totally controlled by the following primitive emotional reaction: "If you're right, I'm wrong. And if I'm wrong, I'm dead - and that can't be allowed. So I'm right and you're wrong - and I'll kill you if necessary to prove it."
Everyone should "cheat" all the time. It's required for survival. That would put an end to this nonsense.
It is correct to say, however, that if you're smart enough to cheat - well, to cheat EFFECTIVELY - you're smart enough not to have to. But that isn't always the case depending on your society and your social status in that society.
This relates to Bruce's "dishonest minority" concept, BTW. The question is whether you're actually coercing someone (which includes fraud) or whether you're just evading some pointless rules that only exist for someone else's benefit.
In this particular case, I'm reminded of a con woman who once posed as a medical doctor. She would see patients, hear their complaints, retire to her office, look up the complaints in the standard diagnostic literature, and then prescribe. Her patients loved her. And she was right about as often as most doctors.
So was she a fraud? Or just someone who figured out how to "practice" medicine without the bother of years of internship?
How many people go into a profession by immediately operating at the highest standards of that profession? Not many. They all start out just barely being more competent (and frequently not) than the clients they're advising. Only experience counts in the end.
So it's not clear to me that tests of this sort are all that useful except to winnow out the "riff-raff" and more importantly closely control entry into the profession - "control" in the sense of "exclude" in order to keep exclusivity - and hence profits - high.
The "Catch Me If You Can" guy Frank Abagnale Jr. boned up a bit on the law and passed a bar exam as well as posing as a senior resident physician in a hospital for some months (and well liked, too, especially by the nurses, many of whom he liked rather well.)
So do we need to arrest someone for "cheating?"
The penalty is higher than failing the test: for all intents and purposes, he can never pursue a career as a doctor or the medical sciences.
There is a difference between someone without training but has reference material who poses as a doctor, and someone who was trained as a doctor, who also has access to reference materials.
Med school doesn't teach you everything you need to know to be a doctor. You do need experience. What it really gives you is a knowledge of the body systems, diseases and various other things. That way the doctor is more familiar with the way things work, and if needed has a better idea of how and where to look in references to get the right answer. That said, when you have all your patients coming through with the sniffles, it doesn't take a rocket scientist to diagnose the flu.
Cheating, is generally applied to academic situations, where someone cheats instead of actually learning what they were there to learn in the first place. Allowing them to have credit for having learned whatever.
Fraud applies to situations such as Frank Abagnale and the fake doctor.
I don't think people dislike cheaters because they fear they're better than them. I'd think it's more that someone else is getting credit for something they didn't do, where someone who did do it got the same thing. I'd imagine it's more that they feel the cheater is inferior, but is being given the same value as the person who thinks they're superior.
@ Richard Steven Hack
"Human consciousness is totally controlled by the following primitive emotional reaction: "If you're right, I'm wrong. And if I'm wrong, I'm dead - and that can't be allowed. So I'm right and you're wrong - and I'll kill you if necessary to prove it.""
I think you're way oversimplifying things here. You're describing the primitive thinking of the reptilian brain. There's plenty more in the human skull. There's also a wider range of thinking, reactions, etc. For instance, many people disregard remarks that make them wrong and don't attribute them to survival. Contrarians do it for pleasure rather than survival. Oversimplifying the human experience doesn't lead to good models of why they act certain ways. Better not to do that.
"The penalty is higher than failing the test" - actually, as far as never being a doctor, the cost is likely identical either way when choosing between "fail test > drop out" and "cheat > possibly caught".
The real insanity is the effort he could have put into the best method to reduce his risk ("study") was instead used to set up the cheating.
As for "ProctorU", I could come up with 7 methods in about a minute:
- 2 that require little or no investment or technology
- 3 using pre-existing commodity technology that is free or low cost and straightforward to set up
- 1 software method that would be undetectable, however difficult to set up
- And 1 that would be completely undetectable but would require a non-trivial capital investment ($200 or so I think)
Security theater much?
I have been thinking a bit about this but from a different angle. My angle is about how strangers A and B could know that they are talking directly to each other and know for sure that nobody is MiTM-ing them.
It is basically all about lots of crypto, steganography, information overload, timing, etc.
It should be VERY costly to attempt a MiTM. The attacker should need LOTS more RAM and CPU power than stranger A (Alice) and B (Bob) to be able to fool them both.
Consider this: Alice and Bob use opportunistic encryption. They don't have the other's public PGP key from before, so the attacker could give them both his own and they wouldn't notice. The attacker would receive all of Alice's and Bob's data, decrypt them and re-encrypt them with the other's public key, as an invisible proxy.
My suggestion, and I already understand that it isn't perfect: For Alice and Bob to prevent an attacker from succeeding, they would have to hide lots of data in their streams that they at later points would reveal, and this would be data that is critical for the protocol.
The protocol would expect that some parts of the stream would have to be kept for a longer period and that randomly selected parts of these would contain hidden data. Keys to reveal steganographically hidden data would have to be revealed with a maximum of some time interval that would be selected carefully to balance the need for RAM for the client and the attacker.
For an attacker to succeed, he would have to successfully detect every attempt to reveal steganographically hidden data in old streams, old encrypted parts of the stream that keys will be sent for at later times, etc. The entire idea is that for an attacker to make the MiTM work and make the MiTM undetectable on the data stream itself (if everything is "coherent"), it would be obvious on the *timing* (latency, etc) that there is an attacker.
I don't know if this can be done securely with computers, though. It might not be possible to protect yourself from an attacker with 100x your resources even with this scheme.
Can somebody take a look at it and see if you can figure out a way to make it work, and work well?
@Natanael L, Throwing something out, if you had a string "GET /index.html"(plain), and you encrypt that to "BBBBBBBBBB"(public key,encrypted plain) to send to Bob, if you use "B" as the start and a loop(0 to 2bil) and xor "B" with the numbers until it matches say "i", that would have a value say 1bil which is meant to be Alice's number.
When Bob sends a message back to Alice, she can use one part of her public key knowing that it equals 1 bil to decode.
The encode/decode and plaintext would be exactly the same, but "B" now holds "i" as hidden data(sitig)
B^0n^1n^2n^3n..to ff..ff..if = "i" num = n
@asd: I'm not entirely sure I know what you mean.
Remember that the attacker has access to all the data that Bob and Alice sends.
The idea is that he just won't be able to figure out what's hidden where in the data streams in time if he were to relay everything and only passively replace public keys and such, which would bite him since Alice and Bob would check for various hidden data in various ways and would reveal the location of hidden data occasionally.
Note that the steganography method should be one that is hard to detect *and that is hard to fake*, such that you can not take any random data string and generate a key that results in a chosen plaintext. Doing so and adding a strictly limited level of error correction in some encrypted strings would make it hard for the attacker to transparently alter the data stream.
He would have to generate new random data in the same pace as Bob and Alice, and he won't know what's random and what's not. He would essentially be forced to pass on some encrypted data and later it's key in unmodified form at some point to not be detected, and then he will have lost anyway.
The webcam proctoring site doesn't indicate that the exam materials are ever subject to a chain-of-custody. There is no assurance that the exam taken on camera is in any way related to that which is sent for grading.
@Natanael L, Alice sends a key(can be changed by mitm), but Bob doesn't send his key, but creates a modified one from Alice's one and his. The keys could be any bytes in the packets before that stage, randomly selected or from a program or "GET /index","host".
The key(bob, same setup for Alice's side) doesn't matter if it is sent on the wire(doesn't mean anything).
Xor is weak, but relying on not knowing from where, and can increase to more than a byte if speed isn't much of an issue.
256 xor loop will keep "A" as "A", but where in that loop that you extract the data to get the true meaning/keys/hash etc which doesn't get passed over the wire directly. In the file E was Alice's number(M^nE), and 8 was Bob's, when Bob tried to reverse the step = not zero(L^L^packet(Bob's key) it failed.
The attacker would have to guess Bob's key(unmodified one). Brute force wise would be easy but mitm would only get a couple of goes.
M(mitm key/data/or zero)
pka (alice public key)
pkm (mitm public key)
pkb (bobs public key)
Wow, couple this with every med students' Adderall addiction, and I just can't wait to get some invasive surgery!! Oh, and of course I'll be paying more than any citizen of any other country in the world for it as well!
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.