Showing posts with label Bug Bounty. Show all posts
Showing posts with label Bug Bounty. Show all posts

Monday 23 October 2017

Google Bug Bounty: Google Will Pay Hackers Who Find Flaws in Top Android Apps

Google’s new Security Reward Program

Google takes a lot of steps to ensure the security of their platforms. One such measure is the bug bounty reward program taken by Google. It involves the rewarding of persons who find faults or bugs in apps operating on Google play.

Google is closely collaborating with Hacker One, a company that rewards hackers for identifying bugs in a program and android apps to create a Google security reward program. This trademark initiative is said to help app developers and users alike. It will also improve the entire google play platform.

Bug bounty works like this, a hacker can identify bugs or an issue with a particular app and send a report pertaining to the issue to the developer of the app, the developer then resolves the issue/issues and then the hacker is free to contact the google play reward program.

The hacker can also work closely with the app developer to rectify the issue. The hacker can claim the bug bounty reward only once the issue is fixed. Hackers can get a bug bounty reward of up to 1000$.

There are various rules governing the bug bounty reward program. All hacker have to report vulnerabilities to the developers first. The developer should have resolved the issue before a hacker can request a bug bounty reward. If the developer does not respond to the bug report or does not show any inclination to fix the problem, the hacker does not get the bug bounty reward.

A detailed report has to be submitted along with meeting all of googles required criteria. Any issue that causes multiple problems in a program is only eligible for one bug bounty reward. If more than one hacker identifies an issue only the first report will be eligible for a bug bounty reward.

This program is right now available for only certain specific apps. Basically everyone knows that there are many apps on the play store and not all of them are up to a certain quality standard. In order to avoid giving bug bounty rewards to those apps that are sub- standard and contain a lot of bugs, google has introduced this program to only a few apps at present. Alibaba, dropbox, headspace, line,snapchat and tinder are the few apps that are included in the bug bounty reward program. As of now only these apps have opted into google’s bug bounty reward security program. In time a lot more apps mayopt in to the bug bounty rewards program.

Hackers will also be given information about the developer of the app so that they can interact directly with the developer in resolving the issue. Right now only google has reserved the right to reward hackers according to pre specified vulnerability criteria and only once the criteria has been met, only then will a hacker be rewarded. All bugs have to be resolved with a developer within 90 days to qualify for a bug bounty reward. Google has used the bug bounty program in order to improve the overall quality of apps and the google play platform.

Wednesday 11 May 2016

Facebook Pays $10,000 to 10-year-old Instagram Hacker

Instagram

Youngest Recipient of Facebook’s `Bug Bounty’


A 10-year old Finnish boy has been rewarded a sum of $10,000 by social media giant Facebook for locating a malfunction in its picture sharing app Instagram. The last name of Jani has not been revealed for privacy reason who is the youngest ever recipient of Facebook’s `bug bounty’ paid to users who tend to find bugs or flaws in its platforms. Jani had informed Finland’s Iltalehti newspaper that he wanted to see if Instagram’s comment field could stand malicious code and it turned out that it could not.

Facebook stated that the malfunction had been fixed in February and the reward had been paid in March. Jani who is yet too young to have a Facebook or Instagram account of his own, informed that he learned coding from Youtube videos and identified a way to delete user comments from Instagram accounts. He informed Iltalehti that he could have deleted anybody’s comment from there. He stated that he was thinking about a career in data security though for the moment his plans comprise of buying a new bike and a football with the reward money.

Not Unusual for Teenagers to Submit Reports to Program


Since 2011, Facebook has been running its `bug bounty program, which had been rewarding hackers when they report problems of tech and security. Since its launch, Facebook’s bug bounty had awarded over $4.3 million to more than 800 researchers across the world where the program tends to determine the pay-out based on the risk of the bug instead of how complex it could be. In 2015 alone, 210 researchers had received $936,000 with an average pay-out of $1,780.

A Facebook spokesperson informed CNNMoney that it is not unusual for teenagers to submit reports to the program. Several tech companies tend to offer similar programs to hackers who seem to report cyber-security susceptibilities. Uber had recently started offering $10,000 rewards for every critical problem which were identified by the hackers. AT&T payments range from $100 to $5,000, while Google tends to pay between $100 to $20,000.The Finnish boy has become the youngest recipient of cash from Facebook for hacking its products.

Created Test Instagram Account


The earlier record had been set by a 13 year old way back in 2013 which means that his latest young hacker is the first person to crash a Facebook product which are not technically even able to utilise considering that it is supposed to be limited to below 13s. The company had informed Forbes that while poking around where he should not have been, Jani found that he could change code on Instagram’s server and force deletes the posts of users.

This had been confirmed by Facebook utilising a test account and had patched it in February. It is not clear how Jani had identified the vulnerability. Iltalehti had reported that Jani together with his brother had a habit of watching videos regarding computer security on YouTube. The bug was a problem with Instagram’s application program interface of API, on how the app tends to communicate with the server.


If one has to erase a remark from Instagram, the API seems to check that you have the authority to delete the comment. After Jani had informed Facebook regarding the problem, the company had created a test Instagram account and had posted a comment. Facebook had then asked him to go ahead and delete the comment.