City techie reaps rewards for bug bounty hunting

Each time you are trying to log in to your Facebook and Instagram accounts, there are dozens of hackers out there trying to guess your password and get access to your data. What if there was a bug in the social media app that you used, that its makers themselves were unaware of, which allowed such hackers to get hold of your account with very little effort? These are the grey areas where cyber security experts like Chennai-based Laxman Muthiyah come in and shine, as they make the digital platform aware of its flaws, while keeping the hackers at bay.

Laxman, who has been working on internet security and software making for the past six years, recently managed to hack the photo and video sharing platform Instagram to report a vulnerability in the mobile app. The loophole, which allowed anyone to predict an account’s passcodes, won the young techie $10,000 as part of Instagram owner Facebook’s bounty programme. A similar exposé earlier won him another $30,000 from Facebook for helping the tech giant fix a flaw in Instagram, through which anyone could hack an account within 10 minutes. So, how is Laxman able to find these chinks in the tech armour that the apps aren’t able to?

“It was when I was pursuing Bachelors course in computer science in 2013 that I attended a workshop on hacking and cyber security. I learnt about the bug bounty programme offered by various technology companies. Since then, I began looking at the technology platforms for any potential flaws in them. In 2015 I managed to have a breakthrough when I found that I could delete any photo album of a person on Facebook and another time discovered that privately shared photographs on Facebook could be accessed by third party apps,” recalls 26-year-old Laxman, speaking to DT Next. He also runs a software and cyber securityfirm in the city.

Laxman’s efforts in 2015 to help Facebook fix these flaws made him win $12,500 and $10,000 through two bounties. “I often work on a platform called Burp Suite, a tool to test the security of an app, along with browsers like Google Chrome and Firefox. There are many times when I don’t find any flaws, and don’t know for sure what I might find. But, when I find any anomaly, I report it to the tech companies. While it took me about a month to find a flaw in Instagram, it took the company two months to rectify it, after which they rewarded mewith the bounty,” elaborates Laxman.

He has been named by Facebook as one of the 130-odd people from around the world, who have pointed out flaws to make it safer from hacks. The tech expert suggests that sharing photos on social media publicly makes it easier for any bad guys to misuse them. “Public photos can be misused, as they are accessible to everyone, including the bad guys. If one wants to protect his or her information, sharing the pictures with private settings can be a safer way to do it,” remarks Laxman. The young techie is keen to continue working on cyber security issues to make social media less vulnerable to data breaches.