Indian engineer receives 8.4 Lakh in bounty for exposing image-deleting Facebook bug.
Bangalore: Arul Kumar, a 21-year-old Indian Electronics and Communications engineer hailing from Tamil Nadu, has been awarded a bounty of $12,500 by Facebook for finding a bug in the website that allowed users to delete an image or an interaction from other users without their consent.
The story started when Kumar, also a researcher, posted on his blog about a flaw in the Facebook Support Dashboard. According to the blog, it is easy to exploit the Facebook Support Dashboard and delete any picture from any user page, including verified ones. The blog also gave a detailed description of the bug. As further confirmation, Kumar made a video of the bug and sent it to the Facebook security team.
The flaw works in any browser, but according to Kumar, it works better on mobile devices. The person exploiting it first needs two profiles, one acting as the receiver and the other as the sender. The parameters used are Photo_iD and Owner Profile_iD. Once the flaw is exploited, hackers can delete any photo from any user profile without the owner even knowing about it.