Indian hackers win $22000 Google bug bounty for uncovering major vulnerabilities | Tech News

Two Indian hackers have won a cash prize of more than $22000 in bug bounty after they found major flaws in Google Cloud Program (GCP) projects.

Updated on: Jan 20 2023, 21:48 IST

Two Indian hackers have won a total cash reward of more than $22000 as bug bounty from Google. Bug bounties are rewards, usually cash prizes, given by major tech companies to individuals who identify an error or vulnerability in their computer programs or systems. These particular bug bounties were awarded by Google to the Indian hacker duo for finding major security vulnerabilities in its Google Cloud Program (GCP) projects. Among them, the biggest bounty was for a server-side request forgery (SSRF) bug and subsequent patch bypass, which earned them a cool $5000.

The two Indians who won the bounties are Sreeram KL and Sivanesh Ashok, who are both part of the Google Vulnerability Rewards Program (VRP). Sivanesh also posted a blog detailing the bugs and how they came across them. Posting about it on Twitter, he said, “A write-up about how @kl_sree and I found a bug in Google Cloud that allowed us to takeover a victim's compute engine VM”.

Indian hacker duo find vulnerabilities in Google

The SSRF bug is an especially dangerous vulnerability. By abusing it, hackers could trick victims into opening malicious links and take control of their GCP projects remotely.

Sivanesh pointed out in his blog, “Since there was no random token or CSRF protection, anyone could craft a link and send it to a Compute Engine user to create a new user in their instance…making a victim open a malicious link would add the attacker's username and SSH key into their computer”.

However, people do not need to worry about it: after the security risk was flagged, Google released a patch that takes care of the issue. Alongside this, the two Indians also uncovered a number of other vulnerabilities.

Speaking with Daily Swig, Sreeram said, “While finding this issue, we gained insight into the workings of managed GCP products, which helped us find other bugs in GCP”.

What is Google VRP

The Google Vulnerability Reward Program (VRP) is a formal process for rewarding contributions from external security researchers who find security risks and provide patches for them. Anyone can participate, flag a vulnerability and get a reward from Google, as long as they follow Google's guidelines.

First Published Date: 20 Jan, 21:47 IST