Ezequiel Pereira detailed how he found the security bug in Google’s AppEngine server while he was in winter vacation. According to him he got bored one day and through trial and error he was able to discover a point of access to part of internal Google infrastructure. With this security hole found he could do things like accessing the dashboard for Google’s technology support team without being authenticated.
Google’s Vulnerability Rewards Program Technical Lead, Eduardo Vela, explained that the company found a similar bug which was recently fixed. However, Ezequiel Pereira, of Montevido, discovered a part that wasn’t fixed correctly. As a result he was able to grant himself access to Google’s AppEngine. The 17-year-old high school student, who received his first computer only at the age of 10 through a government program, received an email letting him know he won the $10,000 award while riding the bus home from school.
Google Bug Bounty program, last year in review
When asked about how he feels Ezequiel responded: “The thing I love of computers is that they are capable of doing everything if you give them enough resources and you know how to tell them to do anything… Homework is boring. Looking for bugs is fun.”