Coder Nearly Saved The World From Bieber YouTube Videos, Instead Reported Security Flaw To Google
Justin Bieber gets a lot of hate from around the world (much of it justified IMHO), but the pop heartthrob came extremely close to having his entire YouTube channel wiped out by a nasty security issue. Russian coder Kamil Hismatullin found an exploit on YouTube that allowed anyone to delete a video on YouTube in a matter of seconds.
The exploit allowed anyone to delete a YouTube with just an event_id (which can be found from the video’s URL) and an authentication token (in this case, any token was accepted) using the YouTube Creator Studio. Once Hismatullin discovered this flaw, his immediate thought was to partake in a sinister act — clearing out Justin Bieber’s YouTube channel.
“In general I spent 6-7 hours to research, considering that couple of hours I've fought the urge to clean up Bieber's channel,” Hismatullin joked. But in the end, cooler heads prevailed and he decided to instead do the right thing and report the exploit to Google.
“Although it was an early Saturday morning in SF when I reported [the] issue, Google sec team replied very fast, since this [vulnerability] could create utter havoc in a matter of minutes in bad hands who [could use] this vulnerability to extort people or simply disrupt YouTube by deleting massive amounts of videos in a very short period of time,” Hismatullin added.
The exploit was correct in “several hours” according to Hismatullin and he received a $5,000 reward for his troubles. This isn’t the first time that the coder has received a reward from Google for discovering a security vulnerability. He previously received a $1,337 reward for discovering a remote code execution bug in Google software.
