Student Alleges CBSE OSM System Hacked: A Major Concern for Exam Security
The alleged hacking of the CBSE OSM system by a 19-year-old student has sparked concerns about security in high-stakes exams. While CBSE denies the claim, experts urge thorough testing before widespread implementation of technology.
Highlights
- •Nisarga Adhikary's claims suggest critical vulnerabilities in the OSM portal
- •CBSE denies hack claims, stating that only test data were involved
- •Experts demand rigorous testing before adopting such technologies in exams
- •Allegations may distrust in student marks and exam integrity
Hyderabad: A student named Nisarga Adhikary has alleged that the CBSE On Screen Marking (OSM) system was hacked, a claim strongly denied by the Central Board of Secondary Education (CBSE). The incident has raised serious concerns among educationists and parents about the security of online evaluation systems during high-stakes exams.
Details of the Allegation
Nisarga Adhikary, a 19-year-old student, first detected vulnerabilities in the OSM portal on February 25. He reported these to CERT-in, India's Computer Emergency Response Team. According to his blog, several critical vulnerabilities allowed full account takeover of examiner accounts and potential alteration of students' marks. The issues he identified included a master password left exposed in the source code, fake one-time passwords (OTPs), lack of access controls, unverified password changes, and server trust in unverified user IDs.
Adhikary's allegations are rooted in evidence, including screen recordings and proof from CERT-In acknowledging the vulnerabilities. He claims that similar issues exist on other subdomains such as cbse1.onmark.co.in, cbse2.onmark.co.in, etc., suggesting a larger security issue.
The CBSE disputes Adhikary's claims, stating that the URL cited (cbse.onmarks.co.in) was merely for internal testing with no actual evaluation data or marks. However, Nisarga asserts that if test data were involved, he would not have had access to prod user data.
Reacting to these developments, Rekha Rao Ch., an academic, emphasized the need for thorough testing before implementing such technology. A.N.S. Shankar Rao, a lecturer, expressed disappointment in the CBSE's approach, saying, "Before using the technology in real time, the CBSE should have tested it properly."
Stressing on the impact of this issue, Anubha Shrivastava Sahai, an advocate and president of India Wide Parents Association, stated that such incidents not only shake public confidence but also affect exam integrity. The hacking allegations may lead to distrust in the marking process itself, putting at risk the fairness of the evaluation.
Nisarga's claims have prompted a broader debate on the security measures and accountability mechanisms within CBSE-controlled online systems. As academic institutions increasingly rely on technologies for assessment, it is crucial that such platforms undergo rigorous scrutiny to prevent tampering and ensure exam integrity.
