Kollam: An engineering student from Kollam has bagged $16,000 (nearly Rs 11 lakh) from the Facebook team for finding a bug in the latest Facebook platform. Arun S. Kumar, fourth-year student of MES college at Chathannoor, enabled the Facebook team to fix a ‘page takeover’ bug in the latest FB for business platform.
Arun of ‘Sivavilasom’ at Mundakkal west aspires to become an expert in the cyber world. “I found a bug that can help any intruder exploit the pages owned by other people in a new platform introduced by the FB to help business, which was vulnerable,” Arun told DC.
On reporting the bug, a security team member Neal Poole informed Arun that the issue should be addressed and that they had taken down the endpoint temporarily and would remove it.
The bug was found in an option ‘transfer page’ under the FB business, which enables attachment of a specified page to another business registered under the FB business platform. “The algorithm that helps in transferring the page was wrong. The message that is transferred while doing the transfer option can be intercepted using a third party software. The ID, source and destination pages and the role of the user as manager that gives the administrator the rights are passed as parameters to the Facebook server to hack the system. The error in the system is that the page ID is not rechecked,” Arun says.
“The majority of the bounty is for the page takeover capability of your exploit, but while investigating your report, we discovered and fixed another issue as well. So the bounty is a little higher because of that,” Arun was informed. The bug has been permanently fixed within six hours after it was acknowledged.
Arun also got an invitation to visit the Facebook headquarters in the US for finding a password bug last month....