Twenty-eight year old Rafeh Baloch is a famed cyber security specialist and ethical hacker who has the honor of identifying vulnerabilities in Google’s android system. This Pakistan day, ISPR awarded Rafeh Baloch with ‘Fakhr e Pakistan’ award recognizing his contribution in the cyber security industry.
Back in 2014, the professional penetration tester traced a major security bug in the Android Platform Browser which he reported to Google on August 13.
Baloch shared information about the vulnerability via an email to the Android security team with proof of concept (PoC), however, Google couldn’t track the bug themselves for over two weeks.
The bug is called Same Origin Policy- SOP bypass which allows one site on a browser to access properties of another site on the same browser, such as cookies, location, and response.
Google was able to reproduce the bug and released a new update for Android to resolve the issue, however Google didn’t award Baloch for his contribution which made the young techie publish the information on his personal blog.
Forbes quotes response of a security expert Alan Woodward, saying “It was a really nasty bug“.
Woodward highlighted the risk of information leakage saying: “The mere fact that it potentially gives access to private data is a huge problem, after all it’s that data can then be used to commit further crimes against you,”
In a news report, Rafeh Baloch shared his feelings on receiving the honor from ISPR saying that he is greatly humbled and thankful for the appreciation from Pakistan and considered such programs as great initiatives for anyone who is serving their country.
Rafeh Baloch serves PTA
Baloch rejected employment opportunities in global tech giants: Facebook and Paypal, and prioritized Pakistan by joining Pakistan Telecommunication Authority- PTA as a Senior Consultant soon after completing masters degree from London Cyber Security Forensics.
Baloch said: “…because countries like America, and England have a mature cyber security sector whereas Pakistan lacks such development because we are currently in the initial phase of digitization,”.
Baloch considers his participation pertinent to PTA’s primary purpose of securing the cyber security realm of Pakistan from potential cyber attacks. “In my view, Pakistan faces two major issues in cyber security, first is the flow of talent towards other countries, and second is the lack of public awareness” said the senior consultant.
PTA and Cyber Security Advancement
Talking about his work at PTA, Baloch stated, “For the first time in Pakistan, following the vision of PTA chairman, the organization is working on important cyber security initiatives”.
Baloch synchs his thoughts with PM Imran Khan’s digital vision saying, “Digitization is the need of the hour for Pakistan”.
Currently when the Organization of Islamic Cooperation- OIC of 57 states holds the 48th conference in Pakistan, Baloch stressed on the collaboration among allied countries as a way to exchange experiences and learn from them to secure Pakistan before any security mishap.
Giving the example of burgeoning cyber security markets such as Dubai and Singapore, Baloch mentioned their success story of using best-in-class e-governance paradigm for protecting cyber security.
Baloch talked about the case of Pakistan’s National Database and Registration Authority- NADRA, Baloch saying that the institution has taken important development steps in cyber security.
Addressing national security concerns, PTA consultant said: “Cyber Security and National Security are closely associated with each other”.
Baloch also mentioned that PTA’s initiatives could be used to make usage of public mobile devices safer and secure. Baloch frequently shares the information of PTA’s digital security initiatives to the public through his social media accounts.