Google offers $1.5m 'prize' for spotting bugs in Pixel phones

The Google Play Security Reward Program has now matched Apple in rewarding bug hunters. This bug bounty program is open to researchers with a track record of high-quality systems security research on any platform, and they could receive a maximum compensation of $1 million. The goal of the program is to help stop malicious hackers before they trespass on or damage systems, and to better detect vulnerabilities and flaws.

When Google first launched its Android bug bounty program, the highest bug bounty reward was $38,000. Recently, Google has raised its "reward" for detecting security flaws in some of its Android smartphones to $1.5 million.

Google has confirmed that it will pay a top prize of $1 million to security researchers who can discover a unique bug in its Pixel series smartphones that may compromise users' data. An additional 50% bonus is offered if the researcher can discover an exploit on "particular developer preview versions of Android", which results in a prize of $1.5 million.

The program will give the top prize to anyone who can break into Google’s Titan M “secure element.” The company said it has paid more than $4 million to security researchers since 2015.

Other companies also run bug bounty schemes to encourage people to report flaws so they can be fixed, instead of selling the exploits to criminals. But security experts doubt that the program will discourage people from making money from criminals.

Many companies, such as Apple, Facebook, Samsung, and Buzzfeed, also offer rewards for reporting security flaws. Apple introduced its bug bounty program three years ago at the Black Hat conference and has now extended it to include Apple Watch, macOS, Apple TV, and others.

The security chip used in Pixel smartphones is designed to secure their operating system and to store the biometric data used to unlock the phone. To win the $1.5 million reward, a researcher must find a way to compromise that chip on a device running specific developer preview versions of Android.

In addition to these rewards, Google also announced two new categories that researchers can pursue for vulnerability rewards. The first category is data exfiltration vulnerabilities, which let an attacker access data on a device and steal it by moving it to a location controlled by the attacker. The second category is lock screen bypasses, which attackers use to access a locked device without knowing the user's access code.
