Student earns a bounty hunting software bugs

Student earns a bounty hunting software bugs

Pratheesh P Narayanan, a student of Sree Narayana College of Engineering, Kadayiruppu, does not spend much time on social media. But the limited hours that he dedicates for the purpose benefits the mega companies managing the networks, as he spots bugs in various software and is rewarded well. He earns money to fund his education with this effort and has already located four bugs in WhatsApp messaging platform and Android mobile operating system. The firms have paid him around Rs 2 lakh.

An initiative that rewards individuals for discovering and reporting software bugs is called the bug bounty program. It is also called a vulnerability rewards programme. A bug is a coding error in a computer programme.

Citing flaws

Flaws in the software platforms of even big tech firms have the potential to destroy electronic devices. Pratheesh locates these flaws and informs the tech firms about it. When the firms confirm the problem, they take steps to solve it and rewards Pratheesh. The firms then ask techies like Pratheesh who located the problem themselves to check whether it still exists.

A large of community of bug hunters is busy finding flaws on the cyberspace, says Pratheesh. It consists of mainly students and professionals, but the number of such hunters is limited in India. The situation in Kerala also is not encouraging. Pratheesh said that there is a big scope for students in this domain.

The flaw in Android

iPhones earlier suffered from a strange problem. When a message containing a particular Telugu character was sent, the phone was left hanging. iPhone later corrected the issue, but Pratheesh found that a similar flaw existed in Android phones also. He noticed that the phone itself may conk off if the message had this special character. Even if the phone is reset, all the data will be lost, pointed out Pratheesh to Google, which solved the issue during its October update. He received 1,000 US dollars (around Rs 74,000) for his efforts that saved innumerable Android devices around the world.

However, it was identifying a technical flaw in WhatsApp that was Pratheesh’s first effort in the field. This was in last June and the correction was done within one month. But similar issues appeared on WhatsApp again soon. These problems were also identified by Pratheesh and he alerted the officials at WhatsApp. The youth located a loophole which could block WhatsApp web on a computer. He realised that by knowing the mobile number of a person, a hacker could prevent access to WhatsApp web through WhatsApp account. When he located this flaw, Pratheesh immediately informed Facebook, the parent company of WhatsApp, about it. The problem was finally solved last week.

A part-time job

Pratheesh considers bug hunting as a part-time job. When a flaw is identified, it has to be decoded and analysed. “Anybody interested in coding can do this, but it may take some time to learn the process,” the youth said.

It is only during the weekend – on Fridays, Saturdays and Sundays – that Pratheesh uses social media for bug hunting. If the flaw could lead to crashing of the phone, its video and log have to be sent to the special platform provided by the respective company for the purpose.

Pratheesh, who tries to inspire his friends too to take up bug hunting, now dreams about a posting in a big tech firm.

The comments posted here/below/in the given space are not on behalf of Onmanorama. The person posting the comment will be in sole ownership of its responsibility. According to the central government's IT rules, obscene or offensive statement made against a person, religion, community or nation is a punishable offense, and legal action would be taken against people who indulge in such activities.