Google pays Kerala college student for finding bugs

Washington: If you grew up in the 90's, the first generation to actually start using computers, you'd be familiar with glitches.

Whether it happened on original browser, Internet Explorer, or one of the various games you played on CDs, glitches were common. They even happened on Microsoft Word. (Remember 'The Quick Brown fox... ?)

Over the years, however, glitches slowly started disappearing. Your experience has become faster, smoother.

But some still do exist - and a Kerala man has been cashing in on spotting and reporting the bugs, Pratheesh Narayanan, a final year B. Tech. student at Sree Narayana Gurukulam College of Engineering, in Ernakulam recently reported a bug to Google, which won him a bounty of 10,000 dollars (Rs 7.6 lakh). The bug, tracked CVE-2019-2232, has been recently fixed.

The bug, Narayanan explains in a post on his LinkedIn, "would have allowed a remote attacker to perform Permanent Denial of Service attacks on Android Devices."

In simpler terms, what this bug does is crash someone elses phone, when you send them a contact card. The contact card, isn't a regular one.

It's when you randomly key-smash a series of characters, for example "dbjaduhhudsahdshjdsayugdasgusadbhjdshbasdgttsdgsdbhjdsnjdsjndsjdsjjdsnjdsmjds" into a name, and add multiple number of fields ('Home', 'Work') to it.

Because a phone couldn't recognise n-character name when you send him the contact card, their phone ends up crashing.