The vulnerability management team at Instagram’s parent company, Facebook, awarded a Finnish 10-year-old $10,000 for uncovering a vulnerability in the social network. He’s the youngest white-hat hacker to uncover a vulnerability on Instagram, and he isn’t even eligible to join the social media platform for another three years.
The bounty is part of Facebook’s vulnerability management program, which, according to Forbes, has paid out $4.3 million to 800 researchers worldwide. Last year alone, 210 researchers received $936,000. Facebook and Instagram then use such information to patch the security vulnerabilities and better guard how people access their services. The specific problem here was in the private application programming interface (API): it failed to check whether the person deleting a comment was the one who posted it, which allowed anyone to delete comments.
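The flaw described above, a delete operation that never compares the caller with the comment's author, sketched next to its corrected form as an added example (not Instagram's or Facebook's code). The `CommentService` class, its method names, the user IDs and the HTTP-style status codes are all hypothetical.

```python
# Added illustration: hypothetical in-memory comment API, not Instagram's code.
from dataclasses import dataclass, field


@dataclass
class Comment:
    author_id: int
    text: str


@dataclass
class CommentService:
    comments: dict = field(default_factory=dict)  # comment_id -> Comment
    denied: list = field(default_factory=list)    # audit trail of refused deletes

    def add(self, comment_id, author_id, text):
        self.comments[comment_id] = Comment(author_id, text)

    def delete_unchecked(self, session_user_id, comment_id):
        """Flawed: authenticates the caller but never checks who wrote the comment."""
        if session_user_id is None:
            return 401
        if self.comments.pop(comment_id, None) is None:
            return 404
        return 204

    def delete_checked(self, session_user_id, comment_id):
        """Corrected: the server enforces ownership using the session identity."""
        if session_user_id is None:
            return 401
        comment = self.comments.get(comment_id)
        if comment is None:
            return 404
        if comment.author_id != session_user_id:
            self.denied.append((session_user_id, comment_id))  # detection signal
            return 403
        del self.comments[comment_id]
        return 204


def demo():
    svc = CommentService()
    svc.add(1, author_id=100, text="constructed sample comment")
    svc.add(2, author_id=100, text="second constructed comment")
    flawed = svc.delete_unchecked(session_user_id=200, comment_id=1)  # not the author
    refused = svc.delete_checked(session_user_id=200, comment_id=2)   # not the author
    owner = svc.delete_checked(session_user_id=100, comment_id=2)     # the author
    return flawed, refused, owner, svc.denied
```

The refused attempts collected in `denied` are the kind of record a security team can alert on, since repeated 403s against other users' objects rarely come from normal client behaviour.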
The Helsinki-based hacker, identified only by his first name, Jani, was able to delete comments posted by other users to Instagram. The Facebook vulnerability management team confirmed the hack by creating a test account with comments, which he was successfully able to delete. A spokesperson confirmed that the vulnerability was patched in February, and the payout made in March. Jani plans on buying a bike, football gear and computers for his brothers with the money.
The incident reveals the importance of effective vulnerability management procedures for companies that manage consumer-facing applications or cloud-based services, as well as for the business users accessing them. While the top social networks are, for the most part, relatively secure, allowing employees to access other potentially vulnerable applications from BYOD or corporate-issued devices poses a risk. Utilizing a mobile device management (MDM) solution to provide controls over which applications are installed, or deploying a containerization solution to separate personal and work data on the device, are two effective approaches to mitigating these risks. Security concerns can be found across both consumer and enterprise applications, which is why remaining diligent with the right solutions is key.
The Samsung Knox mobile security platform provides multilayered security from the hardware to the software.