icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
4 Apr, 2015 12:46

‘Clean up Bieber’s channel’? Bug found that could remove any video on YouTube

‘Clean up Bieber’s channel’? Bug found that could remove any video on YouTube

A Russian software developer has detected a security flaw, which could have allowed him to remove any video on YouTube in a matter of seconds. And he says he was close to doing just that.

Kamil Hismatullin, 21, joked he “fought the urge” to erase Justin Bieber's channel for a couple of hours, but chose to report the bug to Google instead.

It took the security researcher from Kazan, the capital of Russia’s Republic of Tatarstan, about 7 hours to identify the vulnerability in Google's Application Programming Interface (API). He collected $5,000 for his research, the maximum award for this kind of discovery.

Hismatullin wrote on his blog that the bug could "create utter havoc in a matter of minutes in bad hands who [could have] used this vulnerability to extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time."

He said he was surprised at how quickly Google responded after he reported the bug.

Photo from vk.com/kamil1

"Although it was an early Saturday morning in SF when I reported the issue, Google’s tech team replied very fast
," he wrote.

“It was fixed in several hours, Google rewarded me $5k and luckily no Bieber videos were harmed.

Google launched its Vulnerability Research Grants in January to offer financial grants to "top performing, frequent vulnerability researchers as well as invited experts" in exchange for research into potential flaws of certain applications.

While many said Google's award of $5,000 is less than Hismatullin deserves for his finding, the bug hunter said that security research is only his hobby, which he enjoys doing regardless of how much he is paid.

Podcasts
0:00
29:12
0:00
28:18