When Google first introduced its bug bounty program for Android, the biggest reward you could get for finding and reporting a potential exploit was $38,000.
The cap grew over time, as Android grew in popularity, more security researchers got on board and more vulnerabilities were unearthed. This morning, Google is bumping up its top reward to $1.5 million.
They’re not going to pay out a million+ for just any bug, of course.
For this new reward category, Google is looking for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In other words, they’re looking for an exploit that, without the attacker having physical access to the device, can execute code even after a device is reset and breaks into the dedicated security chip built into the Pixels.
Reporting an exploit that fits that bill will get researchers up to $1 million. If they can do it on “specific developer preview versions” of Android, meanwhile, there’s a 50% bonus reward, bumping up the maximum prize to $1.5 million.
Google first introduced the Titan M security chip with the Pixel 3. As Google outlines here, the chip’s job is mainly to supervise; it double-checks boot conditions, verifies firmware signatures, handles lock screen passcodes and tries to keep malicious apps from forcing your device to roll back to “older, potentially vulnerable” builds of Android. The same chip can also be found in the Pixel 4 lineup.
Indeed, $1.5 million for a single exploit sounds like a lot… and it is. It’s roughly what Google paid out for all bug bounties in the last 12 months. The top reward this year, the company says, was $161,337 for a “1-click remote code execution exploit chain on the Pixel 3 device.” The average payout, meanwhile, was about $3,800 per finding. Given the potential severity of consistently busting through the security chip on what’s meant to be the flagship build of Android, though, a big payout makes sense.