Published 12:59 IST, August 27th 2019

Chennai engineer finds a bug in Instagram, wins over Rs 7 lakh bounty

Facebook awarded Laxman Muthiyah, a Chennai-based independent security researcher, with a bug bounty of $10,000 for discovering a major loophole in Instagram

Reported by: Tanmay Patange

India has no shortage of talent. Recently, Chennai-based security researcher Laxman Muthiyah said he won $10,000 (more than 7 lakh rupees) for discovering a critical security loophole in the Instagram app. Muthiyah bagged the cash prize from Facebook as part of the social networking giant's bug-bounty program. But did you know this is not the first time Muthiyah has managed to grab the attention of one of the world's major technology and Internet companies? Previously, he had won $30,000 (more than 21 lakh rupees) for spotting a similar bug in the Facebook-owned photo and video-sharing social networking service. In fact, in 2015 as well, Muthiyah had won a $10,000 bug bounty from Facebook for another discovery.

Who is Laxman Muthiyah?

According to his LinkedIn profile, Chennai-based Laxman Muthiyah has been working as an independent security researcher since 2012. Muthiyah studied for a Bachelor of Computer Engineering at Sri Venkateswara College of Engineering in Tamil Nadu.


What was the hack?

In his recent blog post, Muthiyah detailed the Instagram vulnerability. If exploited, it could allow an attacker access to any Instagram account in less than 10 minutes.

"There are one million probabilities for a 6 digit pass code (000001 to 999999). When we request passcodes of multiple users, we are increasing the probability of hacking accounts. For example, if you request pass code of 100 thousand users using the same device ID, you can have 10 percent success rate since 100k codes are issued to the same device ID. If we request pass codes for 1 million users, we would be able to hack all the one million accounts easily by incrementing the pass code one by one," Muthiyah said.


"Therefore, an attacker should request codes of 1 million users to complete the attack with 100 percent success rate. We should also note the 10 minutes expiry of the code, so the entire attack should happen within 10 minutes," he added.


Furthermore, Muthiyah shared a screenshot of an email he received from Facebook. He also said that the Facebook security team has now resolved the issue. He also thanked the Facebook security team for rewarding him through its bug bounty program. Facebook has also acknowledged his contribution in its Hall of Fame for 2019.


Industry reactions

"The biggest challenge with most apps and cloud-based services is their ability to maintain the latest software updates: As software becomes outdated, new application updates are created to improve functionality or security, and bugs in programming get them fixed. If these updates are not administered quickly and properly, vulnerabilities do occur," said Diwakar Dayal, Managing Director of cybersecurity company Tenable.

12:37 IST, August 27th 2019