Google increase the amount of rewards for the bug bounty program and now it will pay up to $ 1.5 million for hacking Android and Titan M.Now, researchers who have found vulnerabilities in Android and the Titan M security module (used in Google Pixel 3 and Pixel 4) can earn decent sum of money.
Recall that Titan M is a separate chip that is designed exclusively for processing sensitive data and processes such as Verified Boot, disk encryption, lock screen protection, secure transactions and many more.
And now, Google officials said that if researchers succeed in creating a chain of exploits for remote code execution that also compromises data protected by Titan M, the company will pay up to one million dollars for this.
“Moreover, if the exploit chain works for the preview version of Android, the reward will already be one and a half million dollars, because in this case the vulnerabilities can be eliminated before the problematic version of the OS enters users’s devices en masse”, – emphasize Google developers.
Obviously, this decision by Google is explained by the fact that this year private vulnerability brokers increased their rewards for exploits for Android to $ 2.5 million. This is the first time in history when exploits for Android began to cost more than exploits for iOS.
Then Chauki Bekrar, the head of Zerodium, explained that his company increased payments, as Android devices became more difficult to crack, because Google is constantly adding new protective mechanisms for its OS.
In addition to announcing a huge reward for compromising Titan M, Google also increased other payouts. So, until recently, the maximum payout was $ 200,000, and for this it was necessary to create a chain of exploits for remote code execution, which would lead to the compromise of TrustZone or Verified Boot. Since the launch of the Android Vulnerability Rewards Program in 2015, no one has received this highest award.
“In addition to exploits involving Pixel Titan M, we have added other categories of exploits to the rewards program, such as those involving data exfiltration and lockscreen bypass. These rewards reach $500,000 depending on the exploit category”, — report Google developers.
The amount of reward depends on the complexity of the vulnerabilities.
User Review( votes)