ALSO READ: Assam highway from Narengi to Bhakatgaon renamed after Homen Borgohain. Speaking to The News Mill, Das said: “I was creating a software when I faced some issues. I was trying to solve the problem which led me to this particular vulnerability. I reported it to Google in May, 2021 and since then we were exchanging information. After almost six months, Google rewarded me USD 5000 for reporting the bug. Currently I cannot disclose much of the technical part of the issue.” Das added that Google has allowed him to speak only this much on the vulnerability.
Rony Das, a security engineer from Bongaigaon, has received a USD 5000 bounty from Google for reporting a vulnerability in their Android platform. Rony Das, who has been interested in information security since he was a child, has discovered a weakness in the Android Foreground Services that might be used by banking malware, among other things, to access user data. He first informed Google about the flaw in May of this year. As a one-time exception, the top IT corporation recognised the security researcher’s work and awarded him USD 5000 (about Rs 3.7 lakh). “As a token of our appreciation for your efforts, we’d like to present you a $5000 discretionary bonus.” In a reply to Das, Google added, “Please note that this is a one-time exception to our standard protocols as a thank you for the high-quality submission and follow-up information you supplied.”
Das said that the vulnerability could run background processes in Android without the detection of the users. “The bug I found defeats the purpose of having Android Foreground Services. My exploit bypasses this process and able to access the hardware APIs (such as camera, microphone & location) from the background without letting the user knowing or notifying anything,” Das told The News Mill, without explaining the details of the flaw as he is not allowed to reveal further on the issue. Raimona National Park in Assam gets support for sustainable community tourism
He added that the bug is fixed in the upcoming Android versions.
Rony Das, who is currently working as a security engineer for Bengaluru-based AI company, Eder Labs, has earlier reported security issues in various government and non-government websites. When he was in Class 12 in 2015, Das reported security vulnerabilities in the website of Gauhati University. “I am a self-learner and hope that with proper education I will be able to be an information security expert and serve the country. With regular news of web hacks by hackers from other countries, India should better its stealth. Hope I achieve my aim some-day,” he had told this reporter then.