CHINA TOPIX

11/23/2024 04:16:14 pm

Make CT Your Homepage

10-Year-Old Becomes Youngest Recipient of Facebook's Bug Bounty Reward

Mark Zuckerberg

(Photo : Michael Short/Bloomberg via Getty Images) A 10-year-old boy from Finnland has become the youngest winner of Facebook's Bug Bounty program.

A 10-year-old boy from the Finnish capital city of Helsinki has been awarded a $10,000 bounty after he successfully uncovered a major security flaw hidden deep in the code of photo-sharing application Instagram.

The bounty was awarded by Facebook, Instagram's parent company. The kid, known only by his first name Jani, became the youngest ever white hat hacker to be awarded a bug bounty from Facebook. He toppled the previous record holder, who was 13-years-old.

Like Us on Facebook

"I tested whether the comments section of Instagram can handle harmful code. Turns out it can't," Jani said an in interview with Finnish publication Iltalehti, which was translated by The Guardian."I could have deleted anyone's - like Justin Bieber's for example - comments."

Delving deep in the code of Instagram, Jani discovered that he could access the app's servers and make alteration and force delete posts made by users. Upon discovering the bug, Jani reported it to Facebook via an email.

Facebook was able to verify Jani's report by creating a test account and had the kid remotely delete a comment posted by that account. According to Forbes, Facebook was able to patch the flaw in February and awarded the $10,000 bug bounty reward to Jani in March.

A description of the flaw states that the problem is in a private application programming interface that does not properly identify the person deleting the comments. Altering a few lines of codes can make the computer believe that the comments are being deleted by an authorized person.

Facebook claims that its bug bounty program has awarded more than $4.3 million worth of rewards to more than 800 security researchers who have successfully discovered a flaw in its codes. The bug bounty does not necessarily demand a user to provide the patch or fix to the flaw. All a user has to do is discover the flaw and properly report it to Facebook.

Real Time Analytics