Google Bug Bounty Program Awards Teen $36,000

Must Read

3 Most Common Mistakes Social Media Marketers Are Committing In 2016

In their quest for greater sales and increased ROI, the self-appointed “digital marketing guru” has lost touch with what...

The Best Selling Smartphones Of 2016: Apple iPhone 6s Tops The Chart

Good news for Apple, as a recent report by IHS Markit found that the Apple iPhone 6S was the...

A Big Blow To Amazon and Flipkart: CCI Investigation To Continue

Flipkart and Amazon continue to find themselves in hot water as their plea against the investigation that is being...

Cyber-crime is one oft-repeated threat, which apparently doesn’t seem like slowing down. However, the only defence to this threat is security vigilance and awareness. A quick way to test the corresponding security measures is by incorporating bug bounty programs which have been on the maps of several companies, for a long time now. Although not all bug bounty programs provide remunerations, others can go as high as $36,000 like Google who recently awarded an Uruguayan teenager for exposing a security flaw.

The herculean search engine Google awarded an Uruguayan teenager with $36,000 for reporting a major vulnerability. The 18-year-old Ezequiel Pereira from Uruguay debugS a severe security hole which, otherwise, would have allowed hackers to make changes to Google’s internal systems. At the outset of 2018, Ezequiel Pereira, having a keen interest in programming, got access to a non-Production App Engine deployment environment where he was able to use internal APIs. Remote Code Execution, as it is known, is a part of Google Vulnerability Rewards Program.

The Uruguayan Prodigy:

Ezequiel Pereira, while on the verge of turning 17, earned his first reward through Google bug bounty program wherein he exposed a Google security flaw.

Tapping along the ABCs of this whiz kid; Pereira got his first computer when he was 10. He spent years learning different coding languages, after a steady initiation when he was 11 years old. He finished off as a grand prize winner of Google Code-in 2015, paving a way to Google’s California headquarters.

Advertisements

I found something almost immediately that was worth $500 and it just felt so amazing. So I decided to just keep trying ever since then. – Ezequiel Pereira

He found his second biggest bug on July 2017 through which he earned $10,000. Despite using more than half of the money on applying for scholarships to US Universities, he couldn’t manage into any of the schools. Hence, he took off to become self-taught and started schooling at home. With an aim of achieving master’s degree in Computer Security, Pereira keeps himself busy, hunting bugs.

Pereira got permission to write about how he discovered it recently after Google fixed the issue. It marks his fifth accepted bug.

The Tabloid in a Nut-shell:

  • Early February 2018: Main bug was discovered.
  • February 25th, 2018: Initial report sent, containing the “stubby” API
  • March 4th and 5th, 2018: The app_config_service” API was discovered and reported
  • Between March 6th and 13th, 2018: The access to non-prod Google App Engine environments was blocked with a 429 error page
  • 13th March, 2018: Reward of $36,337 issued
  • May 16th, 2018: Confirmation of the security flaw been fixed.

Bug Bounty Programs Boosts Ethical Hacking :

Bug bounty programs are designed to key-up software security researchers and pay them to find vulnerabilities and report back to the sponsor. In return, the researchers are richly rewarded for their findings. In fact, as part of Google’s Android Security Rewards Program, Researcher Guang Gong, received the largest reward of the year 2017: $112,500.

Heretofore, Pereira’s submissions are towards the Google’s bug bounty program. However, there’re many other technology companies which offer similar awards to ensure smooth and essentially, authentic and supervised access. Introducing bounty programs and offering monetary awards is sure to motivate hackers to discover and report flaws rather than selling them off to malicious, third-party sources. Many corporations have been announcing such programs, wherein they reward hackers who can break into their systems and eventually, report breaches in the process.

Ethical hacking is one’s fair shake to be on the right side of the law while securing systems by hunting down flaws and fixing them.

Advertisements

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Latest News

Elon Musk, CEO of Apple: Had Tim Cook Agreed To Acquire Tesla In 2016

Depending on who you speak to, Elon Musk and Tim Cook has their own version of the history that...

In-Depth: Dprime

Will ‘TikTok By Microsoft’ Be A Winner?

For the last two years, TikTok has been in the public eye for all sorts of reasons. First, it was the exploded and unparalleled...

Facebook Subscription Model: Looking Beyond Ad Dollars?

Seldom do job listings create a stir this gripping. However, when the job listing in question is a stealth post from Twitter, with a...

Will The Online Food Delivery Market in India End Up Becoming A Two-Horse Race?

It's pretty much evident that the food delivery space in India is all set to get riled up soon enough as one of the...

More Articles Like This