Bongaigaon-born security engineer, Rony Das, has won a bounty of USD 5000 from Google for reporting a vulnerability in their Android platform.
Rony Das, who is an information security enthusiast since a young age, has reported a bug in the Android Foreground Services which could be exploited by banking malwares, among others, to hack into user data.
He first reported the vulnerability to Google in May this year. The top tech company acknowledged the efforts of the security researcher and rewarded him USD 5000 (approx. Rs 3.7 lakh) as a one-time exception.
“As a recognition of your efforts, we would like to offer you a discretionary reward of $5000. Please note that this is a one-time exception to our normal procedures as a thank you for the high-quality submission and follow up information you provided,” Google said in a note to Das.
Speaking to The News Mill, Das said: “I was creating a software when I faced some issues. I was trying to solve the problem which led me to this particular vulnerability. I reported it to Google in May, 2021 and since then we were exchanging information. After almost six months, Google rewarded me USD 5000 for reporting the bug. Currently I cannot disclose much of the technical part of the issue.” Das added that Google has allowed him to speak only this much on the vulnerability.
Das said that the vulnerability could run background processes in Android without the detection of the users.
“The bug I found defeats the purpose of having Android Foreground Services. My exploit bypasses this process and able to access the hardware APIs (such as camera, microphone & location) from the background without letting the user knowing or notifying anything,” Das told The News Mill, without explaining the details of the flaw as he is not allowed to reveal further on the issue.
He added that the bug is fixed in the upcoming Android versions.
Rony Das, who is currently working as a security engineer for Bengaluru-based AI company, Eder Labs, has earlier reported security issues in various government and non-government websites.
When he was in Class 12 in 2015, Das reported security vulnerabilities in the website of Gauhati University. “I am a self-learner and hope that with proper education I will be able to be an information security expert and serve the country. With regular news of web hacks by hackers from other countries, India should better its stealth. Hope I achieve my aim some-day,” he had told this reporter then.