A Finnish kid who said he wishes to be a security expert when he grows up exposed a flaw in Instagram that allowed him to tamper with anyone’s comment.
A 10-year-old Finnish kid has emerged as the youngest ever to benefit from Facebook’s bug bounty program after having successfully hacked Instagram, a feat that earned him a cool $10,000, Forbes reported.
Jani, as the boy is being referred to here, demonstrated how he was able to delete any comment on the photo-sharing medium just by altering some code. The kid, who aspires to be a security expert himself, later submitted his report to Facebook earlier in the year. He also deleted a comment that Facebook had posted on a test account to further back his claims.
“I would have been able to eliminate anyone, even Justin Bieber,” Jani had later boasted to the Finnish publication Iltalehti.
The flaw was plugged around the end of February, and the reward was handed over to Jani the following month. The social media giant later reported that the bug lay in a private application programming interface, which is essentially a portion of the code that offers a small window for external interaction. However, the application had no proper built-in security checks to enforce the basic rule that a user is able to delete or alter only his/her own comment and not someone else’s.
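The class of flaw described above, a delete call that never confirms the caller owns the comment, can be shown in a few lines beside its corrected form. This is an added illustration, not Instagram's or Facebook's code, which was not published; every name and the sample data are hypothetical and constructed for the example.

```python
# Added illustration: constructed in-memory data, hypothetical names throughout.
from dataclasses import dataclass


@dataclass
class Comment:
    comment_id: int
    author_id: int
    text: str


class Forbidden(Exception):
    """Raised when the caller is not allowed to act on the object."""


def make_store():
    # Constructed sample data: user 1 and user 2 each wrote one comment.
    return {
        101: Comment(101, author_id=1, text="nice photo"),
        102: Comment(102, author_id=2, text="great shot"),
    }


def delete_comment_unchecked(store, session_user_id, comment_id):
    """Flawed pattern: the caller is authenticated, but the comment id from
    the request is trusted as-is, so any user can delete any comment."""
    if session_user_id is None:
        raise Forbidden("login required")
    return store.pop(comment_id, None) is not None


def delete_comment_checked(store, session_user_id, comment_id, audit_log):
    """Corrected pattern: load the object first, then compare its owner with
    the server-side session identity before changing anything."""
    if session_user_id is None:
        raise Forbidden("login required")
    comment = store.get(comment_id)
    if comment is None:
        return False
    if comment.author_id != session_user_id:
        # Record the denied attempt so repeated probing of ids is visible.
        audit_log.append((session_user_id, comment_id, "delete_denied"))
        raise Forbidden("not the comment author")
    del store[comment_id]
    return True
```

The ownership comparison uses the identity held in the server-side session, never a user id supplied in the request, and the denied-attempt log gives defenders a signal when one account keeps touching other users' objects.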
Jani later revealed he had honed his hacking skills by watching YouTube videos. He will, however, also be spending more time with the new football gear and bike that he intends to buy with the bounty cash, besides buying new computers for his brothers.
As for Facebook’s bug bounty program, it has been an open challenge of sorts for hackers to test the security measures adopted by Facebook in its various applications in return for rewards. However, the program pays the successful hacker on the basis of the severity of the bug and the risk it poses rather than the complexity of the bug itself. Over 800 researchers have already been paid more than $4.3 million since the program came into existence in 2011.