security

Apple gives shout out to teenaged, self-taught US coder who alerted them to iPhone security risk – The Star Online


Giyas Umarov wasn’t happy when his mom put a screen time limit on his iPhone from her device a few years ago, but he figured out a work around.

Then 10, Umarov plugged her phone into a computer and used a program to learn her passcode and change the parental controls.

“He was messing with me, and I couldn’t do anything about it. I still use screen time, but I can’t for him, only for my other kids,” said Giyas’ mother Dilek Umarov.

Flash forward five years, and now Umarov, 15, has been recognised by Apple on their website for using his tech skills for good.

The Holmdel High School sophomore says he emailed the company last year alerting them to an iPhone security bug and offered a few ways to fix the problem. Eight months later, an Apple representative reached out to him informing him the issue had been patched in the latest iOS 14 update released in September, and they wanted to thank him formally for his help.

Umarov appears first on a list of people recognised by Apple for assisting with security content in the update. Beneath the high schooler’s name are technology professionals from Silicon Valley firms and global institutions like Amazon Alexa, Google and a Saudi Arabian university.

“We would like to acknowledge Giyas Umarov of Holmdel High School for their assistance,” the one sentence recognition reads.

Apple declined to comment further on the role Umarov played in the update.

A quiet, modest teen, Umarov said he discovered the bug in 2019 when he learned he could generate QR codes online, but alter them so they prompt realistic-looking pop-ups on a phone when scanned. Upon unlocking the device, the screen would be hit with an unwanted pop-up that looked trustworthy, asking, for instance, for a user to install an app or software of Uramov’s choice.

Typical of a teenage boy, Umarov used his new finding to annoy his younger brothers, swiping their phones and scanning QR codes that he manipulated when they weren’t looking. If they clicked “install” on the pop-up after putting in their passcode later, then a blank app would appear on their home screen, Umarov said.

But others with worse intentions, he says, could have used the security bug for more sinister purposes, such as to cause a distributed denial-of-service attack – an attack that involves the hijacking of hundreds of devices, which are used to flood the Internet connection of a targeted server or computers.

“This could have been used to cause (a DDoS attack), which means the user that unlocks the device wouldn’t be able to fully use it until the pop-up or pop-ups go away. It could’ve also been used to distribute possibly harmful software or messages, since the person that does it can control what software and its title is to be used,” Uramov said.

In a follow-up email to Apple’s product security team, Uramov said he offered a few possible solutions. One, he said, was to not allow QR codes to be scanned without first unlocking the device.

He is unsure, however, how the company ultimately resolved the issue, but glad he could contribute.

The 15-year-old is a member of the Holmdel High School Technology Student Association and took part in the 2019 New Jersey Technology Student Association competition.

His mom believes, admittedly superstitiously, that a love for science is in his blood.

She said Uramov was named after his great-grandather, Uramov Giyas Yakubovich, an Uzbekistan physicist born in 1921 who studied modern sources of energy.

Despite his interest in tech, Uramov has never taken a coding class and doesn’t plan on it.

Instead, he teaches himself. He checked out a book about programming from the Libby app – a virtual library – called Beginning Programming With C For Dummies and reads in his free time, when he’s not riding his bike.

“I’m still working my way through it. It’s pretty big, like a textbook,” he said. “Coding classes are scheduled, but I can read my book any time I want… I don’t want to feel like I have to do it. I just do it because it’s interesting.” – NJ Advance Media Group, Edison, N.J./Tribune News Service





READ SOURCE

Leave a Reply