Indian techie awarded $10,000 for discovering a flaw in Instagram


Facebook has awarded an Indian techie $10,000 for spotting a flaw in the app. Interestingly, he was awarded $30,000 by Facebook for finding a bug in the mobile recovery flow of the Facebook-owned photo and video sharing app. Chennai-based security researcher Laxman Muthiyah said he again discovered a new account takeover vulnerability in Instagram. The new vulnerability is similar to the one he reported in July and allowed anyone to hack Instagram accounts without the owner's permission.

Facebook says it has fixed the spotted vulnerability. "Facebook and Instagram security team fixed the issue and rewarded me $10000 as a part of their bounty programme," Muthiyah said in a blog post. 

The vulnerability could allow hackers to use the same device ID, the unique identifier Instagram's server uses to validate password reset codes, to request multiple passcodes for different users.

In reply, Facebook said in a letter to Muthiyah, "You identified insufficient protections on a recovery endpoint, allowing an attacker to generate numerous valid nonces to then attempt recovery."

Last month, he found a bug that allowed hackers to hack in three simple steps:

1. Triggering a password reset.
2. Requesting a recovery code.
3. Quickly trying out every possible recovery code against the account.

While looking for an account takeover vulnerability, the techie turned his attention to the Instagram forgot-password endpoint. Last month he claimed that he had sent thousands of requests to check whether Instagram's systems were validating and rate limiting the requests properly. He found he was able to send requests continuously without getting blocked. To change the password, he needed the code, which was sent to the account user's registered mobile number. So the only method that could have succeeded was hit-and-trial.
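The two gaps described above, one device ID collecting codes for many users and unlimited guesses against a code, can be closed on the server side. The sketch below is an added example, not Instagram's or Facebook's code; the class name, limits and in-memory storage are assumptions chosen for illustration.

```python
import hmac
import secrets
import time

MAX_ATTEMPTS = 5             # guesses per account per window (assumed policy)
CODE_TTL = 600               # seconds a window/code lasts (assumed policy)
MAX_ACCOUNTS_PER_DEVICE = 3  # accounts one device ID may hold live codes for


class RecoveryService:
    """Hypothetical in-memory store; not Instagram's implementation."""

    def __init__(self, clock=time.time):
        self._clock = clock
        self._codes = {}  # account -> [code, device_id, expires_at, attempts_left]

    def _live(self, account):
        entry = self._codes.get(account)
        if entry and entry[2] <= self._clock():
            del self._codes[account]  # expired: the window resets
            entry = None
        return entry

    def request_code(self, account, device_id):
        held = [a for a in list(self._codes)
                if self._live(a) and self._codes[a][1] == device_id and a != account]
        if len(held) >= MAX_ACCOUNTS_PER_DEVICE:
            return None  # one device ID may not collect codes for many users
        code = f"{secrets.randbelow(10**6):06d}"
        old = self._live(account)
        # Re-issuing inside a window keeps the expiry and the spent attempts,
        # so asking for a fresh code cannot refill the guess budget.
        expires, left = (old[2], old[3]) if old else (self._clock() + CODE_TTL, MAX_ATTEMPTS)
        self._codes[account] = [code, device_id, expires, left]
        return code  # a real service sends this out-of-band instead

    def verify(self, account, device_id, guess):
        entry = self._live(account)
        if entry is None or entry[3] <= 0:
            return False
        entry[3] -= 1  # charged to the account, whatever device or IP asks
        ok = entry[1] == device_id and hmac.compare_digest(entry[0].encode(), guess.encode())
        if ok:
            del self._codes[account]  # single use
        return ok
```

Because the attempt budget is keyed to the account rather than to the requesting device or address, sending requests from many sources does not buy additional guesses.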

This is not the second time Muthiyah has found a flaw in a Facebook app. In the past, he uncovered a data deletion flaw and a data disclosure bug on Facebook as well. 



from Latest Technology News https://ift.tt/2PdpVXQ
