A Joint Entrance Exam (JEE) Advanced 2024 candidate has alleged loopholes in the exam software at the Indian Institute of Technology (IIT) Madras.
On Monday, May 27, Ashish Kumar Verma took to social media platform X to point out the loophole, which he says was caused by a Human Interactive Device (HID) configuration issue.
In his post, he also said that he would not ask for “bounties” from IIT Madras for pointing this out, as he was a fan of the work of the institute’s director Prof V Kamakoti.
JEE Advanced 2024 took place on Sunday, May 26.
The loophole
Ashish claimed that while taking the test, he could exit the test window — which should ideally not be possible.
“Because of security measures at the software level, test takers are not allowed to close or exit the TCS iON test window. After finishing the test, one is usually redirected to the TCS iON homepage. However, I could exit the window,” he said, speaking to EdexLive.
TCS iON is the application on which the computer based JEE Advanced exam was conducted.
At 17 years old, Ashish has been working in the tech industry since his school days and has numerous achievements in coding and web development under his belt. He also founded an Artificial Intelligence (AI) company of his own. It is with the help of this knowledge and experience that he spotted the loophole.
Explaining what happened in detail, he says that the TCS iON administrators, who were in charge of the test centres ran the e.preventDefault() function, which is used in Javascript to prevent default actions of events, on the systems.
However, after he was done with the exam, he wanted to check the security measures implemented. “So, I unplugged and plugged my keyboard back in, and I noticed that the command was reconfigured after a gap of three to four seconds. Within this timeframe, I entered the shortcut command Ctrl+Shift+I, and the developer console of the browser opened.”
He adds that this three to four second interval was the time it took for the keyboard to get reconfigured to the e.preventDefault() function.
Through the console, Ashish says that he could gain access to the whole operating system.
“I saw that all systems were connected to a local IP address. However, I also noticed that I could sign out of the current computer and sign into another computer in the same network, by logging out and entering the code of the latter,” he explains.
He adds, “For example, if my computer is C002, I could log out and enter another computer bearing the code C005 by simply entering its code.”
Explaining why it is a matter of concern, he says that this loophole could enable mischief and malpractice in the exam.
“Once you log into another computer, the session on that computer ends, and the user gets locked out. If it happens in the exam to a candidate, their exam would get jeopardised. The candidate would lose precious exam time in trying to get back to the exam, and we know that every second counts in JEE,” he explains
Considering how many aspirants consider the JEE their lifeline, "This loophole could impact their future and career prospects,” he adds.
Another equally concerning matter, he says, was that he could enter any system by just entering its code and pressing the "Launch" button, with no prompts or other forms of verification.
The response
When Ashish took to social media and disclosed this loophole, many current students and alumni of IIT Madras assured him that they would take this up with institute director Prof V Kamakoti.
However, a few others responded by saying that this is not a loophole, but a deliberate feature to enable users to switch to other systems in case of a malfunction.
To that, he says that the ability to switch sessions between computers must rest only with the systems administrator, and not the systems of the exam candidates.
He further says that IIT Madras is yet to reach out to him on this matter.