Hacking of TCS iON for remote access of JEE Mains exams?

The Central Bureau of Investigation (CBI) has started investigation into the possibility of a hack into Tata Consultancy Services’ iON platform in relation to the JEE Mains exams breach that happened recently.
The alleged manipulation came to light when the CBI booked three directors of a Noida-based entity on Friday, BusinessLine reported.

TCS iON is the country’s largest digital assessment software provider. The National Testing Agency (NTA) had appointed the company to conduct national level exams, including NEET and JEE Mains. TCS iON also manages the logistics requirements for the tests, including managing test labs and appointing venue heads.

CBI is probing multiple TCS iON’s labs at different locations where tests were conducted, including a university in Sonipat.

TCS noticed the irregularity in its testing systems on September 1; the JEE Mains Exam took place between August 26 and September 2.

The investigative agency has arrested seven people in relation to the case, which include three directors from Affinity Education, a private coaching centre.

TCS iON’s systems don’t allow external applications or tools to be introduced to its computers and blocks internet access as well. The test computers may have had some external application pre-installed which was used to connect to the internet remotely and gain access to the computer during the tests.

This is done by coaching centres in remote areas. They connive with the venue heads and help students share the screens of their tests remotely and, someone else, most likely from the coaching centre would complete the test on the student’s behalf. The students pay an advance of around Rs 2-3 lakh per system getting hacked. These systems are installed with these remote access tools before the exams happen.

Ethical hacker Sunny Nehra told BusinessLine : “These tools are externally installed and connected with a Windows system through which remote access is given. Though iLEON operating systems are very strong and hard to crack, the company would have to identify the loopholes in the back-end and rework the architecture of the software.”