All the tech giants like Google, Facebook, Microsoft and Apple are giving away huge amount of money to anyone who can report a vulnerability in one of their products. These tech giants run bug bounty programmes to encourage independent ethical hackers and security professionals to try and crack their security code in order to identify vulnerabilities in the system. This will help these companies in making their products even better.
Just recently Google came up with the Project Zero Prize contest. Google will offer prizes up to Rs. 2.3 Crore to anyone who can hack its smartphones.
While most of us surf social media for hours as a part of our routine, to scroll the news feed to see what our favorite celebrities have been doing, but for this 20-year-old Arun S Kumar, it is more than fun. This Kerala-based hacker Arun Kumar spends most of his time outing in the social media to hunt bugs. He enjoys his work and he’s earning more than many software professionals.
The 20-year-old hacker has earned a lot just by reporting bugs for Facebook, Twitter and a host of other US-based companies. Facebook had paid him Rs. 7 Lakhs in April itself, for helping the website spot another vulnerability. In the last three years, Kumar has earned over 30.85 lakh for reporting bugs to various tech giants.
Arun is a student of MES Institute of Technology and Management in Chathannoor. The young hacker reported a bug that would allow a malicious hacker to take control of a Facebook page in less than seconds. The bug, if exploited, could have been used to hack into any user’s account to get access to a user’s messages, photos and even debit/credit card details stored in the payments section without any user interaction.
Arun investigated the bug, after his findings, he sent the bug report to the Facebook security team on August 29. The bug was fixed on September 6 and he received a mail three days later in which he was informed that he was the winner of the reward. Arun said,
In my latest bug hunting, I found that Facebook’s business manager is vulnerable to cyber-attacks as anyone could hack the page of a business establishment or organisation in 10 seconds. This application provides direct access to objects based on user-supplied input. This helps the attackers bypass authorization and access resources in the system directly. It was on August 29 that I reported it to the Facebook. The next day they acknowledged it and on September 6 I was informed that they have fixed the bug. A security team member of Facebook informed me 10 days later that they will pay me a bounty of 16,000 dollars.
Isn’t that an interesting story? We are so proud of you Arun! Share this story with your friends!