Security flaw could have deleted every YouTube video

Chuck Bednar for redOrbit.com – @BednarChuck

Let’s face it, folks: YouTube is a modern-day cultural treasure. After all, where else on the Web could you see video footage of a dancing man in a horse costume cooking wild mushrooms (you know, besides Vimeo, Dailymotion, Vevo, Flickr, Break…)?

That’s what makes it so frightening to learn that it could have all been lost forever in the blink of an eye had it not been for the efforts of software developer Kamil Hismatullin, who detected and reported a vulnerability that could have allowed someone to delete every video on the site.

Our beloved YouTube videos were seriously vulnerable

According to PC Gamer, Hismatullin found the security flaw as part of Google’s Vulnerability Research Grants program. That program, which launched in January, provides software experts with grants in exchange for help finding out how hackers could access specific applications.

The concept behind the grants is to encourage researchers to find and report various bugs and security issues so that Google can fix them as quickly as possible. In February, Hismatullin was selected for a $1337 grant, and decided to focus his efforts on YouTube Creator Studio.

It took him less than seven hours of research to discover a logical bug that allowed him to unlock the ability to easily nuke any video on YouTube (or even all of them, if he so desired) by making just one simple request to the Creator Studio’s live-events/broadcasting system.

Fortunately, Hismatullin was there to save the day!

After reporting the issue to Google’s security team, Hismatullin posted a video of the exploit in action to the streaming website itself. He said that officials at the Mountain View, California tech giant responded quickly, even though it was early Saturday morning there at the time.

Hismatullin explained that, in the wrong hands, the vulnerability could have created “utter havoc in a matter of minutes” by extorting people or disrupting the content-sharing service by “deleting massive amounts of videos in a very short period of time.”

For his efforts, the security researcher was awarded $5,000, the normal rate for discovering a logic flaw or bug that bypasses significant security controls in a normal Google application under the company’s current rewards program. Those awards range from $500 to $20,000 based on the severity of the issue and the type of program they are discovered in, the company added.
