
Facebook pays 2.4 million to Indian security researcher for bug alert


It is raining bug bounties for Indian ethical hackers and cybersecurity researchers: Ahmedabad-based security researcher Bipin Jitiya has now won Rs 2.4 million ($31,500) from Facebook for identifying a bug in its social networking platform and a third-party business intelligence portal.

Jitiya, 26, identified an internal blind Server-Side Request Forgery (SSRF) vulnerability in the source code of a publicly accessible endpoint, built using tools from MicroStrategy, that performed custom data collection and content generation.

MicroStrategy has partnered with Facebook on data analytics projects for several years. Jitiya reported the bug to MicroStrategy’s security team, which acknowledged it and said the issue has been mitigated.

“I have always aimed at finding bugs in Facebook because it is the biggest social network on Earth with best-in-class security features in place. This time, they have awarded me with $31,500 for finding a critical bug. I have identified bugs in their systems in the past too,” Jitiya told IANS on Monday.

In a Server-Side Request Forgery (SSRF) attack, the attacker can abuse functionality on the server to read or update internal resources. In typical SSRF attacks, the attacker might cause the server to make a connection back to itself, or to other web-based services within the organization’s infrastructure, or to external third-party systems.

“I created a scenario that shows how the sensitive information leakage may be useful for launching specific attacks like path traversal and Server Side Request Forgery (SSRF). If an attacker is able to learn the internal IP addresses of the network, it is much easier for him/her to target systems in the internal network,” explained Jitiya.

The bug has now been fixed.

“When I first got this bug on a Facebook server I tried to convert it to RCE (remote code execution) but, unfortunately, they implemented good security measures. However, I made a total of $31,500 ($1,000 + $30,000 + $500) from this vulnerability,” he said.

Asked whether he would join Facebook’s cybersecurity research team if given an offer, Jitiya told us: “I would like to stay in India and work as a security researcher for Indian firms. I am not a bug bounty hacker.”

Last month, 27-year-old Indian security researcher Bhavuk Jain received $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched zero-day vulnerability in the Sign in with Apple account authentication.

The zero-day vulnerability could have allowed a hacker to break into the account of an Apple user who logs into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more.

“Indian ethical hackers and security researchers have come of age, and are now creating headlines the world over with their unmatched skills,” said Jitiya.
