BENGALURU: Apple has awarded Indian bug bounty hunter Bhavuk Jain Rs 75 lakh ($100,000) under its bug bounty programme, after Jain found a bug in the ‘sign in with Apple’ account authentication that would have allowed an attacker to take control of users’ accounts on third-party applications.
The 27-year-old developer spotted the bug in April and, soon after, Apple fixed the vulnerability.
“The impact of this vulnerability was quite critical as it could have allowed full account takeover. A lot of developers have integrated ‘sign in with Apple’ since it is mandatory for applications that support other social logins. To name a few that use it — Dropbox, Spotify, Airbnb, Giphy (now acquired by Facebook). These applications were not tested but could have been vulnerable if there weren’t any other security measures in place while verifying a user,” Jain wrote in a blog post.
Bug bounty hunting is becoming big business. In 2019, hackers like Jain earned nearly $40 million in bounties. Hackers in India earned the second-highest amount from such hunting, behind those in the US.