Rahul Kankrale is a self-taught bug hunter from a village near Shirdi in Maharashtra. Kankrale learnt from his own experience as the victim of an online attack on his Orkut account: after he clicked on a phishing link, the account was hacked, and that is where he learnt what hacking really is. He started researching hacking and went on to find interesting vulnerabilities in over 1,000 websites, and has now secured his position as a top security researcher in the openbugbounty.org’s programme.
From someone whose Orkut account was hacked to a top researcher, Kankrale’s journey is nothing short of inspirational. He chose mobile security in particular because a lot of mobile applications are vulnerable to cybersecurity attacks, owing to their increase in popularity.
Having completed his Diploma in Computer Engineering, Kankrale received multiple awards, rewards and recognition from big social media companies like Facebook and Google. He was the winner of the CTF competition organised by Facebook and has presented his research at BountyCon’s joint event with Facebook and Google in Singapore.
One of his critical bugs has been awarded the title of “Unique Bug of The Year” by OWASP Seaside’s bug bounty village. Most importantly, he has discovered a critical vulnerability in Mitron, a TikTok mirror app, which would have led to potentially thousands of accounts being hacked without the owners’ knowledge. Google has temporarily removed the app from the Play Store.
While talking about India and its ability to combat such heavy cyber attacks, Rahul believes that the government is very receptive to vulnerability reports and has acknowledged them in preventing further cyber attacks. “The government is already running the NCIIPC to track down incidents and has started tackling malware and other cyber attacks with the help of a dedicated framework and botnets,” Rahul told The420.in.
Rahul explains that cybercrime.gov.in is also an initiative taken by the government to prevent cyber frauds with the help of common people. While the global private corporate sector is constantly evolving its cybersecurity measures, a little more engagement is needed from India’s private sector and the government.
One message he would like to give to the youth and cyber enthusiasts of India would be that a lot of interested people or people working in the field have secured the topmost positions in the sector, so there is hope. A lot of them should now start focusing on cybersecurity research and developing frameworks and tools. Cyber enthusiasts should learn and engage themselves in mobile apps, IoT, AI and cloud platform security, as the scope is huge.
He is soon going to release a mobile-based implicit intent vulnerability detection tool, for which you can follow him on Twitter (rahulkankrale) for more details.