Apple Rewards Rs 75 Lakh To This Indian Coder For Finding A Bug In ‘Sign In With Apple’ Process!
According to reports, 27-year-old Indian security researcher Bhavuk Jain has received $100,000 (over Rs 75.5 lakh) from Apple for discovering a now-patched zero-day vulnerability in the Sign in with Apple account authentication.
How Did This Happen?
Bhavuk Jain holds a bachelor’s degree in electronics and communication.
The zero-day vulnerability could have allowed a hacker to break into the accounts of Apple users who log into third-party apps like Dropbox, Spotify, Airbnb and Giphy (now acquired by Facebook) and more.
The bug Jain discovered in ‘Sign in with Apple’ affected third-party applications that were using it and didn’t implement their own additional security measures.
What Does Bhavuk Jain Say?
According to Jain, “This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not.”
He further announced, “For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.”
Currently, Jain is a full-time bug bounty hunter “trying to make the internet a safer place for everyone” and is also a full-stack developer interested mostly in mobile app development using React Native.
What Is The ‘Sign in with Apple’ Program?
First launched in 2019, ‘Sign in with Apple’ is intended to be a more privacy-focused alternative to third-party logins.
Mr. Jain disclosed the flaw to Apple, which led to an award from Apple’s bug bounty program, and Apple has since patched the bug.
According to Mr. Jain, ‘Sign in with Apple’ works similarly to OAuth 2.0. He said, “There are two possible ways to authenticate a user by either using a JWT (JSON Web Token) or a code generated by the Apple server. The code is then used to generate a JWT.”
What Was The Flaw?
During the second step, while authorizing, Apple gives the user the option to either share the Apple email ID with the third-party app or not.
If the user decides to hide the email ID, Apple generates its own user-specific Apple relay email ID.
Mr. Jain said, “Depending upon the user selection, after successful authorization, Apple creates a JWT which contains this email ID which is then used by the 3rd party app to log in a user.”
As per Mr. Jain’s findings, users could request JWTs for any email ID from Apple, and when the signature of these tokens was verified using Apple’s public key, they showed as valid.
He further noted, “This means an attacker could forge a JWT by linking any Email ID to it and gaining access to the victim’s account.”
Moreover, the impact of this vulnerability was quite critical as it could have allowed a full account takeover.
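The following added example (not code from Apple, Mr. Jain or the original article) is a simplified model of why a valid signature was not enough: an issuer that signs whatever email the request names, next to one that signs only an email bound to the authenticated session. All names, the session store and the key are constructed for illustration, HS256 stands in for the real public-key signature, and the hardened check is an assumption, not Apple's actual patch.

```python
import base64, hashlib, hmac, json

# Constructed demo key; HS256 stands in for the issuer's real asymmetric signature.
ISSUER_KEY = b"constructed-demo-key"
# Constructed session store: the emails the issuer knows belong to each signed-in user.
SESSIONS = {"session-a": {"sub": "user-a", "emails": {"a@example.com", "a1b2@relay.example"}}}

def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(signing_input: str) -> bytes:
    return hmac.new(ISSUER_KEY, signing_input.encode(), hashlib.sha256).digest()

def sign_jwt(claims: dict) -> str:
    header = _b64(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    body = _b64(json.dumps(claims).encode())
    signing_input = f"{header}.{body}"
    return f"{signing_input}.{_b64(_mac(signing_input))}"

def verify_jwt(token: str) -> dict:
    """Relying-party side: checks the signature only, then trusts the claims."""
    header, body, sig = token.split(".")
    if not hmac.compare_digest(_mac(f"{header}.{body}"), _unb64(sig)):
        raise ValueError("bad signature")
    return json.loads(_unb64(body))

def issue_token_flawed(session_id: str, requested_email: str) -> str:
    """Models the reported flaw: the email claim is copied from the request unchecked."""
    user = SESSIONS[session_id]
    return sign_jwt({"sub": user["sub"], "email": requested_email})

def issue_token_fixed(session_id: str, requested_email: str) -> str:
    """Assumed hardening: sign only an email bound to the authenticated session."""
    user = SESSIONS[session_id]
    if requested_email not in user["emails"]:
        raise PermissionError("email does not belong to the authenticated user")
    return sign_jwt({"sub": user["sub"], "email": requested_email})

if __name__ == "__main__":
    forged = issue_token_flawed("session-a", "victim@example.com")
    print("flawed issuer, signature valid, email claim:", verify_jwt(forged)["email"])
    try:
        issue_token_fixed("session-a", "victim@example.com")
    except PermissionError as exc:
        print("fixed issuer refused:", exc)
```

A relying party that keys accounts on the email claim cannot detect the flawed case, because the signature check passes in both.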
Many developers have integrated Sign in with Apple since it is mandatory for applications that support other social logins.
Apple investigated its logs before patching the bug and determined there was no misuse or account compromised due to this vulnerability.