‘Clean up Bieber’s channel’? Bug found that could remove any video on YouTube
Kamil Hismatullin, 21, joked he “fought the urge” to erase Justin Bieber's channel for a couple of hours, but chose to report the bug to Google instead.
It took the security researcher from Kazan, the capital of Russia’s Republic of Tatarstan, about 7 hours to identify the vulnerability in Google's Application Programming Interface (API). He collected $5,000 for his research, the maximum award for this kind of discovery.
Hismatullin wrote on his blog that the bug could "create utter havoc in a matter of minutes in bad hands who [could have] used this vulnerability to extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time."
He said he was surprised at how quickly Google responded after he reported the bug.
"Although it was an early Saturday morning in SF when I reported the issue, Google’s tech team replied very fast," he wrote.
“It was fixed in several hours, Google rewarded me $5k and luckily no Bieber videos were harmed.”
Google launched its Vulnerability Research Grants in January to offer financial grants to "top performing, frequent vulnerability researchers as well as invited experts" in exchange for research into potential flaws of certain applications.
While many said Google's award of $5,000 is less than Hismatullin deserves for his finding, the bug hunter said that security research is only his hobby, which he enjoys doing regardless of how much he is paid.