In a surprising turn of events, a loophole in Facebook’s SMS-based two-factor authentication (2FA) system found its way into Meta’s notable bug bounty discoveries for 2022. The vulnerability, initially undervalued, prompted Facebook’s parent company to revise the bounty from an initial $3,000 to a substantial $27,200.
According to security researcher Manoj Gautam, the absence of rate limit protection during contact point verification allowed attackers, armed only with a victim’s phone number, to add the 2FA-enabled phone to their Instagram-linked Facebook account.
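The defence missing from the flow described above is a limit on verification attempts. The following is an added example (not code from Meta, Facebook or Manoj Gautam's report) of a generic contact-point verification service: one method accepts unlimited guesses, the other counts failures per (account, phone) pair and locks the challenge after a small number of wrong codes. The class, method names, limits and clock handling are assumptions.

```python
"""Rate-limited contact-point (phone) verification.

Added example, not code from Meta/Facebook or from Manoj Gautam's report.
verify_unlimited() accepts any number of guesses; verify_rate_limited() locks
the challenge after MAX_FAILED_ATTEMPTS wrong codes and expires stale codes.
All names and limits are assumptions.
"""
import hmac
import secrets
import time
from dataclasses import dataclass

MAX_FAILED_ATTEMPTS = 5        # assumption: lock after five wrong codes
LOCKOUT_SECONDS = 15 * 60      # assumption: 15-minute lockout
CODE_TTL_SECONDS = 10 * 60     # assumption: a code is valid for 10 minutes


@dataclass
class Challenge:
    code: str
    issued_at: float
    failures: int = 0
    locked_until: float = 0.0


class VerificationService:
    """Issues and checks one-time codes for adding a phone number to an account."""

    def __init__(self, clock=time.time):
        self.clock = clock  # injectable so tests can control time
        self.challenges: dict[tuple[str, str], Challenge] = {}

    def start(self, account_id: str, phone: str) -> str:
        """Create a fresh 6-digit code for this account/phone pair."""
        code = f"{secrets.randbelow(10**6):06d}"
        self.challenges[(account_id, phone)] = Challenge(code, self.clock())
        # A real service sends the code by SMS; it is returned here only so the
        # example can be exercised offline.
        return code

    def verify_unlimited(self, account_id: str, phone: str, guess: str) -> bool:
        """No attempt counting: a 6-digit code falls to at most 10**6 guesses."""
        ch = self.challenges.get((account_id, phone))
        if ch is None:
            return False
        return hmac.compare_digest(ch.code, guess)

    def verify_rate_limited(self, account_id: str, phone: str, guess: str) -> str:
        """Returns one of: no_challenge, locked, expired, ok, wrong."""
        key = (account_id, phone)
        ch = self.challenges.get(key)
        now = self.clock()
        if ch is None:
            return "no_challenge"
        if now < ch.locked_until:
            return "locked"
        if now - ch.issued_at > CODE_TTL_SECONDS:
            del self.challenges[key]
            return "expired"
        if hmac.compare_digest(ch.code, guess):
            del self.challenges[key]   # single use: a code never verifies twice
            return "ok"
        ch.failures += 1
        if ch.failures >= MAX_FAILED_ATTEMPTS:
            ch.locked_until = now + LOCKOUT_SECONDS
            return "locked"
        return "wrong"
```

The lockout is keyed on the account and phone pair, so a lock on one pair does not let an unrelated caller deny service to the whole account; pairing this with a per-IP limit at the edge is the usual complement.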
Hacker Duo Strikes Gold: $22,000 Bounty from Google Cloud Platform
In a separate development this month, a dynamic hacker duo, Sreeram KL and Sivanesh Ashok, uncovered and documented vulnerabilities in Google Cloud Platform (GCP), resulting in payouts exceeding $22,000. Their most lucrative discovery involved a double $5,000 reward for identifying a server-side request forgery (SSRF) bug and successfully bypassing the subsequent patch in the machine learning platform Vertex AI.
The duo’s exploits, detailed across four blog posts, also encompassed an SSH key injection flaw in Google Cloud’s Compute Engine, along with vulnerabilities in Theia and Cloud Workstations.
Inside the Lucrative Vertex AI: $5,000 Payouts and Authorization Token Seizures
The pinnacle of Sreeram KL and Sivanesh Ashok’s success was the uncovering of vulnerabilities within Vertex AI, Google Cloud’s machine learning training and deployment platform. Bagging a pair of $5,000 payouts, they exploited an SSRF bug and successfully executed a patch bypass.
In Sreeram’s blog post, he delved into the flaw residing in Vertex AI’s workbench feature, designed for creating Jupyter notebook-based development environments on the cloud. By manipulating the SSRF vulnerability and enticing victims to click on a malicious URL, attackers could potentially seize control of an authorization token, subsequently gaining access to all of the victim’s GCP projects.
Unveiling the SSRF Bug: Manipulating URLs and Gaining Authorization
When the researchers stumbled upon a promising URL for SSRF, requesting the original URL produced a response resembling the output of an authenticated request sent to compute.googleapis.com. Sreeram highlighted, “From previous experience, I know these endpoints use the authorization header for credentials.”
Identifying potential targets for attack was made easier by the revelation that a victim’s subdomain could be readily ascertained: subdomains were leaked to third-party domains such as github.com through the Referer header in the application’s normal flow.
Google swiftly addressed the issue by implementing cross-site request forgery (CSRF) protection to the GET endpoints and enhancing domain verification.
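The two fixes named above, domain verification and CSRF protection on GET endpoints, map onto two checks in an endpoint that fetches a caller-supplied URL with the server's own credentials. The following is an added example, not code from Google or from Sreeram KL's write-up: validate_target() is an exact-host allowlist that also rejects userinfo, port and lookalike-domain tricks, and require_csrf_token() binds a session-derived token to each request. The allowlist, secret, placeholder bearer token and injected fetch callable are assumptions.

```python
"""Domain verification and CSRF checks for a URL-driven proxy endpoint.

Added example, not Google's code. proxy_vulnerable() fetches whatever URL it is
given using the server's credentials; proxy_hardened() first requires a valid
CSRF token and then verifies the target host against an allowlist. The fetch()
callable is injected so the example runs offline. Hosts, secrets and tokens are
constructed placeholders.
"""
import hashlib
import hmac
from typing import Callable, Optional, Tuple
from urllib.parse import urlsplit

ALLOWED_HOSTS = {"compute.googleapis.com"}            # assumption: exact-host allowlist
SESSION_SECRET = b"constructed-server-side-secret"     # assumption: never client-visible
AUTH_HEADER = {"Authorization": "Bearer <placeholder-server-token>"}  # constructed


def validate_target(url: str) -> Optional[str]:
    """Return a normalised URL if it points at an allowed API host, else None."""
    try:
        parts = urlsplit(url)
        if parts.scheme != "https":
            return None
        # user:pass@host forms let an allowed name appear before '@' while the
        # real host is something else; reject them outright.
        if parts.username is not None or parts.password is not None:
            return None
        host = parts.hostname
        if host is None or parts.port is not None:
            return None
    except ValueError:          # malformed netloc or port
        return None
    host = host.rstrip(".").lower()
    if host not in ALLOWED_HOSTS:   # suffix matching would admit host.attacker.example
        return None
    query = f"?{parts.query}" if parts.query else ""
    return f"https://{host}{parts.path or '/'}{query}"


def make_csrf_token(session_id: str) -> str:
    """Derive a per-session token; the server embeds it in the page it renders."""
    return hmac.new(SESSION_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def require_csrf_token(session_id: str, presented: Optional[str]) -> bool:
    """A GET that performs an action must carry the token, not just a cookie."""
    if not presented:
        return False
    return hmac.compare_digest(make_csrf_token(session_id), presented)


Fetch = Callable[[str, dict], str]


def proxy_vulnerable(url: str, fetch: Fetch) -> Tuple[int, str]:
    """The SSRF shape: any caller-supplied URL is fetched with server credentials."""
    return 200, fetch(url, AUTH_HEADER)


def proxy_hardened(url: str, session_id: str, csrf_token: Optional[str],
                   fetch: Fetch) -> Tuple[int, str]:
    if not require_csrf_token(session_id, csrf_token):
        return 403, "missing or invalid CSRF token"
    target = validate_target(url)
    if target is None:
        return 400, "target host not allowed"
    return 200, fetch(target, AUTH_HEADER)
```

The CSRF check is what stops a link the victim merely clicks from triggering the request in their session; the host check is what stops the server's credentials from being sent anywhere other than the intended API, whichever of the two the attacker gets past.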
In a landscape where cybersecurity is paramount, these discoveries highlight the ongoing efforts to fortify digital platforms against ever-evolving threats. As researchers continue to expose vulnerabilities, the tech industry remains vigilant in its pursuit of robust security measures.
Ongoing Vigilance: Strengthening Digital Fortresses in the Face of Cyber Threats
In the relentless pursuit of digital security, the recent revelations of vulnerabilities in major platforms underscore the critical role played by bug bounty programs. Meta’s rewarding response to the 2FA flaw showcases the importance of acknowledging and valuing the efforts of security researchers in fortifying online ecosystems.
Meta’s Bounty Response: A Lesson in Recognition
The evolution of Meta’s bounty for the Facebook 2FA loophole—from a modest $3,000 to a substantial $27,200—serves as a lesson in recognizing the gravity of security findings. Manoj Gautam’s discovery highlighted the significance of addressing vulnerabilities promptly, ensuring that potential threats are neutralized before they can be exploited.
Hacker Duo’s Exploits: Navigating Google Cloud’s Complex Terrain
Meanwhile, the exploits of Sreeram KL and Sivanesh Ashok within Google Cloud Platform shed light on the intricate landscape of cloud security. Their successful navigation through vulnerabilities in Vertex AI, Compute Engine, and other projects emphasizes the necessity of comprehensive security measures in cloud computing.
Vertex AI’s Achilles Heel: SSRF Vulnerability Exposed
The detailed account of the SSRF vulnerability in Vertex AI, as outlined by Sreeram KL, brings attention to the nuanced nature of these cyber threats. The ability to manipulate URLs and potentially seize authorization tokens underscores the sophistication of modern-day attacks. The rapid response from Google, implementing CSRF protection and refining domain verification, reflects the industry’s commitment to swift and effective countermeasures.
Collaborative Defense: A Shared Responsibility
As the digital landscape evolves, the collaboration between security researchers and tech giants becomes increasingly vital. The bug bounty ecosystem serves as a symbiotic relationship, where researchers contribute their expertise to strengthen the digital fortresses, and companies recognize and reward these efforts. This collaborative defense mechanism ensures a dynamic response to emerging threats.
In conclusion, these recent developments emphasize the ongoing battle for digital security. The acknowledgment of vulnerabilities, swift responses, and collaborative efforts between researchers and tech companies are pivotal in safeguarding our interconnected online world. The evolving nature of cyber threats requires constant vigilance and innovation, making the ongoing dialogue between security experts and technology providers more crucial than ever.
Thanks & Regards: Ashwini Kamble