He might be too young to have a Facebook FB -0.46% account, at least according to Mark Zuckerberg’s rules, but Jani (full name not revealed) has just been handed $10,000 by the social media giant for uncovering a flaw in Instagram. The 10-year-old Finn became the youngest ever recipient of a Facebook bug bounty after uncovering a vulnerability that allowed him to delete any message on the photo sharing application.
The Helsinki-based wunderkind, according to Finnish publication Iltalehti, discovered he could alter code on Instagram servers to force delete users’ words. “I would have been able to eliminate anyone, even Justin Bieber,” he told the paper (translated).
Facebook told FORBES that Jani verified his report by deleting a comment the company posted on a test account. A spokesperson confirmed the bug was patched in late February and the $10,000 reward handed to Jani in March.
Some serious bugs have been found in Instagram in recent memory. Not all have gone rewarded, as in the case of researcher Wes Wineberg, who uncovered “shocking” bugs in December 2015 that allowed him access to a vast amount of internal Instagram data. Facebook believed he’d gone too far in proving his point, denying Wineberg a bounty.
According to Facebook’s latest update, the bug bounty programme has awarded more than $4.3 million to more than 800 researchers around the world. In 2015, it paid $936,000 to 210 researchers for a total of 526 reports. Whilst many American and European hackers have submitted hacks, Indian researchers have disclosed more bugs than any other nationality. The previous youngest recipient of a bounty was just 13.
Given Jani’s auspicious start, he could become a top whitehat hacker. He told Finnish media he started picking up hacking skills from YouTube videos and now wants to join the industry. “It would be my dream job. Security is really important.”
Like any sensible kid, Jani plans to spend his earnings on football and a new bicycle.
The Helsinki-based wunderkind, according to Finnish publication Iltalehti, discovered he could alter code on Instagram servers to force delete users’ words. “I would have been able to eliminate anyone, even Justin Bieber,” he told the paper (translated).
Facebook told FORBES that Jani verified his report by deleting a comment the company posted on a test account. A spokesperson confirmed the bug was patched in late February and the $10,000 reward handed to Jani in March.
Some serious bugs have been found in Instagram in recent memory. Not all have gone rewarded, as in the case of researcher Wes Wineberg, who uncovered “shocking” bugs in December 2015 that allowed him access to a vast amount of internal Instagram data. Facebook believed he’d gone too far in proving his point, denying Wineberg a bounty.
According to Facebook’s latest update, the bug bounty programme has awarded more than $4.3 million to more than 800 researchers around the world. In 2015, it paid $936,000 to 210 researchers for a total of 526 reports. Whilst many American and European hackers have submitted hacks, Indian researchers have disclosed more bugs than any other nationality. The previous youngest recipient of a bounty was just 13.
Given Jani’s auspicious start, he could become a top whitehat hacker. He told Finnish media he started picking up hacking skills from YouTube videos and now wants to join the industry. “It would be my dream job. Security is really important.”
Like any sensible kid, Jani plans to spend his earnings on football and a new bicycle.
No comments:
Post a Comment