What if someone could access your graduation results and alter the same at will? Students of the region’s prestigious Gauhati University aren’t aware that their marksheets stored on the servers of the university could be easily accessed by a mid-level cyber expert with chances of serious compromise to the data. A Bongaigaon-based class XII student found flaws in the network server of the university and has access to their backend and complete database. Sounds scary?
Rony Das, a class XII student of Bongaigaon Railway HS School hacked into the servers of the Gauhati University website through his Android phone in December last year and informed the university registrar through a mail immediately. While Rony thought the vulnerabilities he pointed out to the university was rectified, he was shocked to find that the issue wasn’t resolved till last week. Rony again mailed to the university, but nothing was done.
“I am a web security enthusiast and while researching on security faults, I managed to access the Gauhati University control panel with ease through my Android phone. What if someone with bad intentions exploits the vulnerabilities and play with the future of thousands of students studying in the university?” Ronny said while talking to TOI.
When contacted, Gauhati University officials were caught unaware on the issue. While the system admin at the university said they will look into the matter on Thursday, VC Mridul Hazarika told TOI that he will take action at the earliest. “I should thank you for intimating me about the issue. I am not informed about the same but I am happy that the ethical hacker choose to inform us about the vulnerability beforehand,” Hazarika said. He added that if needed the hacker’s opinion in securing the servers will be sought and students shouldn’t worry as their data will be secured on priority.
Rony shared a video with TOI which showed how easily he could access the database of the university and everything – including marks – could be altered through a mobile device. While surfing for similar vulnerability, the information security enthusiast also managed to find flaws in the content management system of a political party’s website.
Rony’s father is a tailor in Bongaigaon. The young prodigy wishes to pursue higher education in information security from Mumbai/Pune. “I am a self-learner and hope that with proper education I will be able to be an information security expert and serve the country. With regular news of web hacks by hackers from other countries, India should better its stealth. Hope I achieve my aim some day,” he said.
Source : TOI
While talking to Professional Hackers India, Rony Shared the self captured image of TOI news paper cutting.