Published on 01/11/2020 10h01.
Problem would have allowed theft of profiles through links, but discovery brought a solution without leaving users at risk.
Wake up City
Mining student Andres Alonso Bie Perez, 14, was surprised last September 15 with the news that he would receive a $ 25,000 prize from Facebook as a reward for discovering a security breach on Instagram and reporting the problem to company security team.
Facebook, like many other companies, has a “bug bounty” program to reward and reward information about vulnerabilities in its services.
Andres, who heard about the opportunity by watching videos on YouTube, expected to receive a maximum of $ 1,000 for what he had found.
“I was fine and received the notification from Facebook and the amount. I didn’t expect such a high amount,” said Andres.
The teenager already intended to take the time to look for flaws and participate in Facebook’s “bug bounty” program, but the discovery that earned him the award came while creating a mobile app. “At that time, I wasn’t looking,” he reveals.
Whoever decides the amount paid for the failures reported to these “bug bounty” programs is always the company. In the case of Facebook, the average payment is US $ 1,500 (about R $ 8,000).
The company confirmed the payment to the Brazilian and thanked the collaboration, in addition to pointing out that the breach was not exploited in attacks.
“The researcher reported an issue that could allow malicious code to be sent through a Spark AR filter that could grant access to a person’s Instagram account via the platform’s web client. Thanks to the report, we fixed the flaw and we found no evidence of abuse, “the social network said on the blog.
It was not the first time that Andres participated in this type of program, but until then he had only received words of thanks from the companies involved.
How the flaw was discovered
Andres wanted to create an application capable of replicating certain Instagram image filters that are only available on the computer – which forced him to understand how the service works.
When he analyzed the method used to create these filters, he realized that the links could be manipulated to include any code on the Instagram page.
As a rule, websites cannot allow others to control the code loaded on the page – which characterizes a vulnerability.
“I was making an application that needs to integrate with Instagram filters and I needed to know how it created the filter links. For that I had to study the application and saw that it had the possibility of being [uma falha]. I tested it and it worked “, he explains.
Parents encourage: ‘He does what he likes’
Andres started studying programming on his own three years ago. He started to have more contact with computers in a graphic design course at the age of 9 and today he knows programming languages for websites and applications.
In 2019, the teenager won a silver medal at the Brazilian Informatics Olympiad (OBI) organized by the State University of Campinas (Unicamp) and the Brazilian Computing Society (SBC), but left the programming course after 6 months because the content was repeating topics that he had already studied through videos on YouTube.
Andres’s mother, Helenice Luzia Perez, explains that the idea of studying graphic design came from her son and that he did not have the same motivation to participate in other types of courses.
“He chooses what he wants to do. Because, if I put it on my part, he didn’t like it, didn’t study, said it was boring. I ended up learning from him that he has to do what he likes. And I do my best, I even cut expenses, so he can take courses in his area, because I know he is responsible. When he says he wants something, he will take it seriously “, says the mother.
Helenice says that her son had no interest in studying English when he was a minor. Now, Andres already sees the benefits: contact with the Facebook security team depends on the foreign language, which he has been studying for two years.
The teenager says he intends to continue experimenting with the creation of applications – to “see if any ideas will work” -, but wants to deepen his knowledge in digital security to work in the area.
The Facebook award can help. A fraction of the money was used to buy a new computer, but Andres also thinks about the future. “The rest I will save and invest a part”, he plans.
These were the details of the news 14-year-old Brazilian receives R $ 130,000 as a reward after helping... for this day. We hope that we have succeeded by giving you the full details and information. To follow all our news, you can subscribe to the alerts system or to one of our different systems to provide you with all that is new.
It is also worth noting that the original news has been published and is available at time24.news and the editorial team at AlKhaleej Today has confirmed it and it has been modified, and it may have been completely transferred or quoted from it and you can read and follow this news from its main source.