Aditi Singh, a 20-year-old ethical hacker from Delhi, received a $30,000 (about Rs 22 lakh) award for discovering a flaw in Microsoft’s Azure cloud infrastructure. Two months earlier, Aditi had discovered a similar flaw in Facebook and received a reward of $7,500 (about Rs 5.5 lakh). She says both companies had a remote code execution (RCE) bug of a kind that is still relatively new and is not getting much attention.
Attackers who exploit flaws like this can gain access to internal systems and the data they hold.
Aditi has been involved in ethical hacking for the past two years. She started by stealing her neighbor’s WiFi password and has not looked back since. She became interested in ethical hacking while studying for NEET in Kota, preparing for medical entrance exams. She did not go on to medical school, but she has since discovered flaws in more than 40 organizations, including TikTok, Facebook, Microsoft, Mozilla, Ethereum, Paytm, and HP.
Aditi points out that finding flaws is difficult, and that ethical hackers need to stay on top of their game to keep finding new flaws to report and earn rewards. She also emphasizes the importance of first gaining knowledge and studying ethical hacking rather than focusing only on making money.
She has received letters of appreciation from Columbia University, Harvard University, the University of California, and Stanford University, and has also been recognized in Google’s hall of fame.
Aditi says, “Microsoft has only fixed the bug which I spotted two months back. They have not fixed all of them.”
She was the first to report the RCE flaw, and she says it took the tech giant two months to respond because it was checking whether anyone had downloaded the vulnerable version. Before starting to look for a problem, Aditi recommends that users ask the company’s support team whether it has a bug bounty program; only if the company confirms that it does should bounty hunters proceed.
As for the RCE problem found in Facebook and Microsoft, Aditi says it is related to GitHub: anybody can view the open-source code from these firms, and developers built the code without first downloading the Node Package Manager (NPM). “Developers should write code only after they have the NPM,” she says.