64th Day Of Lockdown

Maharashtra54758169541792 Tamil Nadu177289342128 Delhi152577264303 Gujarat148297139915 Rajasthan76804341172 Madhya Pradesh70243689305 Uttar Pradesh67243824177 West Bengal40091486283 Andhra Pradesh3117206558 Bihar300680014 Karnataka240576245 Punjab2106191840 Telangana1991128457 Jammu and Kashmir175983324 Odisha15937337 Haryana130582416 Kerala9645426 Assam683634 Jharkhand4261534 Uttarakhand400644 Chhatisgarh360790 Chandigarh2781874 Tripura2321650 Himachal Pradesh223634 Goa67280 Puducherry49170 Manipur3940 Meghalaya20121 Nagaland900 Arunachal Pradesh210 Mizoram110 Sikkim100
Lifestyle Viral and Trending 24 Jul 2019 City-based techie re ...

City-based techie reports bug on instagram, gets reward

Published Jul 24, 2019, 12:16 am IST
Updated Jul 24, 2019, 12:16 am IST
Laxman Muthiyah of Chennai gave netizens around the world more reasons to be careful on social media and also won a reward for it. DC reveals more.
Laxman Muthiyah
 Laxman Muthiyah

Tech savvy Laxman, a security researcher, received a whopping $30,000 cash prize from Facebook for finding a bug on social networking service company, the  Facebook-owned photo-sharing app Instagram, when he took part at a bug bounty programme

"The bug I found enabled me to hack into anyone's account", says the youngster.


Explaining how he figured out this vulnerability, Laxman says, “When any user wants to log in or asks for a password reset of a random account without knowing the original password, he/she is required to enter his/her username and a 6 digit code sent to his/her registered mobile phone number. I tried this out with my own account to alert the service providers to the flaws in the system. As I started entering random codes to get the permit to reset my password, my IP got locked after 40/ 50 time. Then I moved on to cloud computers and used 1000 such computers, and after sending 2 lakh codes, I was successful and the system unlocked the option for a reset. I did not have to send 10,00,000 codes which is the minimum required for any password reset.”

He shot a video of himself doing the entire process and sent it to Facebook’s security team, shortly after which the team acknowledged the faulty system and started working on it.

This is not the first victory for this security researcher.  “I had participated in a  programme in 2015 in which I showed them how it was possible to delete any picture album from Facebook.  Options to view the pics saved on users’ phones and not uploaded on Facebook, was another security breach I had pointed out.”

When asked about security flaws which still concern him, Laxman asserts, “Earlier there was a hidden feature on the Facebook app called photo back-up which would automatically send your photos to the site’s server as soon as you log in through the app and give them the permission to access your phone’s media files. You needed to turn it off manually. But now anyone could view your pic through any third party application. After I reported it, the feature was removed.”

Laxman has a piece of advice for all the internet users who are not much aware of how much their safety could be at stake. “I always advise internet users to turn on the 2-factor authentication feature. This feature keeps your data safe.”

Speaking about his other interests, Laxman says, “I am always exploring and learning the latest technology and this makes me happy,” says the expert who has a degree in computer engineering. “I had worked as a web-developer for a year in 2015, but I had always wanted to have an organisation of my own and I now own a web developer company”.