以下内容由机器翻译生成。如果您觉得可读性不好, 请阅读原文或 点击这里.
You see it all the time — Facebook’s latest feature leaks to the public, and everyone knows about it before Zuckerberg has said a word. But where do these leaks come from?
Meet Jane Won is a 23-year-old studying software engineering at UMass Dartmouth, currently taking a gap year in Hong Kong. Her hobbies include travel, photography… as well as reverse engineering and chasing bug bounties. She’s responsible for some huge scoops from tech giants, including Facebook, Google, and Instagram.
Scroll through Wong’s Twitter, and you’ll see feature after feature, leak after leak — Gboard’s new Material Design for search cards, Facebook’s notification page is getting a redesign, Messenger is getting a dark mode…
Gboard is testing the new Material Design for search cards pic.twitter.com/tPsufLJNKq
-简 Manchun (@wongmjane) October 23, 2018
There are many reverse engineer hobbyists out there, but Wong works independently, and for no money. She’s even turned down job offers from tech publications looking for her to exclusively snoop for them. How does she do what she does? And why?
How does it work?
Reverse engineering is the process of deconstructing and then recreating a platform or program, and in doing so revealing its structure as well as possible weaknesses.
Wong reverse engineers apps to find out what features tech giants have been testing recently Most famously, she was the first to leak Facebook’s dating feature — publications such as Engadget, TechCrunch, and Verge were all fast to pick up the story behind her.
When we asked her about her workflow, and how she manages to stay ahead of the rest, Wong replied that her methods were somewhat “scientific”: “It is an iterative work on top of past knowledges and experiences. I would say my methods could be prettyscientific(i.e. Observation, Hypothesis, Experiments). It’s pretty similar to how other security researchers made the exploits possible.”
“I observe how the app and the operating system works programmatically, and how the company seemingly operates structurally, and how its people operate psychologically. I then try to make sense between the different observations and find their weaknesses… and then come up with hypotheses of how to make it worse. I then test to see of those work. If something interesting comes up, I usually tweet it out.”
She only leaks the big stuff, skipping single letter casing changes or minor alterations to UI layout. Sometimes she finds weaknesses, which many a bad actor could happily exploit: “If I found something that has to be fixed, I usually report it to bug bounty programs. For instance, I founda vulnerability that could have been used to dox Facebook employee’s identities, that got fixed before disclosing."
While Wong remains relatively low-key in the tech community — her Twitter followers are around 6k — this can open her up to others trying to steal her work: “There were a few incidents where I caught individuals plagiarizing/freebooting my scoops…freebootingas in downloading the screenshots and reposting it, with little to no citations, and without adding any additional contribution (e.g. news articles, or at least blog posts with their own thoughts/insights) on top of it.”
Wong doesn’t let it dissuade her from continuing her work: “I think there are better things to focus on than those individuals, but I called some out on Twitter (which is still visible on my tweet history). Some would add only the minimum amount of citation possible, and then tell people to follow their profiles or join their Facebook Groups for scoops they did not find.”
Ask her anything
Wong is currently still a student, but when she graduates she hopes to find a job at one of the platforms she reverse-engineers. For now, her work is for fun: “It feels like going on an adventure, like treasure hunting… To me, my reward is to be able to see what’s new, what’s coming next.”
It may be just a hobby, but reverse engineers like Wong are changing the tech industry. TechCrunch’s Editor-At-Large, Josh Constine, told Inside recently:“App researchers like Jane may force tech companies to announce new features as soon as they start testing them instead of when they’re ready to launch. Tipsters in the past typically had to have inside knowledge of companies — they either were or knew employees, partners, or investors. By digging into apps, researchers can find irrefutable evidence of new experiments from outside the company.”
To find out more about Jane Wong’s work, she’s hosting a TNW Answers session with us tomorrow, October 24th, at 4pm CEST/10am ET/7am PT. Send in your questions now!