Google Ups Their Security Ante

Google Ups Their Security Ante

If you’ve ever been interested in learning more about cyber-security (and are also interested in Android’s) then there’s never been a more enticing offer on the table.  This week Google has officially announced a new top reward for being able to pinpoint a security flaw in the operating system.  Are you hooked yet?  Well, here’s the new figure: $1.5 million dollars!

A Quick History:

Way back in 2015 Google announced the launch of a security rewards program for Android (The one we’ve come to know and love today as it’s improved the operating system). The program covered security vulnerabilities affecting Nexus phones and tablets, and asked individuals to try to find defensive holes.  In exchange for finding one of these you could earn up to $38,000.

This is no small chunk of change, but it’s also obviously a long way away from $1.5 million.  What happened?  Well Android grew in popularity and more security researchers came on board unearthing security flaws.  In fact, from it’s first bug bounty program in 2010 Google was paying over $1 million a year to hundreds of researches who found issues.  So it’s not a complicated story.  Google offers rewards for security help.  People find flaws.  Google makes a more secure environment and ups the ante.  Rinse and repeat.

The $1.5 Million Dollar Man:

Which brings us to the 2019 cap in the program.  Google won’t pay that large a sum to just any bug though.  Their looking for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.”  In simpler terms they want to find a bug that lets a hacker execute code on a device even after it’s been reset and without physical access. 

The Titan M security chip was first introduced in the Pixel 3.  Its job is to oversee security (passcodes, verify firmware signatures, and identify malicious apps).  It’s done a fairly good job and has been carried over into the new Pixel 4. And since it does such a good job security flaws are harder and harder to find.  But that doesn’t mean they aren’t there.  The only way security can get better is by someone figuring out how to hack it.  If you find a hole in your defenses, you know exactly what needs to be patched up.

So the $1.5 million dollar bug is the big one, but it’s not the only reward.  There are plenty of other security flaws that have led to hundred thousand-dollar payouts to dozens of individuals.  If you are interested in learning about Android security, it’s safe to say these prizes are only going to go up, so there’s no time like the present to start!

Pixel 4 Leaks Become Floodgates
Google Looks Ahead With 2020 Vision

Super Fans always leave a comment :-)

3 thoughts on “Google Ups Their Security Ante”

  1. Hello,
    I have a Samsung A40 with the request for a google account.
    It has been several days since I tried to get around it but it is complicated I have not succeeded.
    Can you please help me, or give me the real software that will work.
    thank you so much


  2. Hi Rootjunky,
    I’ve been involved with your work since around 2010 as Seadoodude or HotShot.

    I am dealing with some health issues and the old trick you shut off the router for the lost google account password on Samsung Device.
    This time a Verizon Note 5. method won’t work for me because of dexterity.

    I remember we chatted on xda developers sometime ago about a easier method for another Note 5 I took in trade.

    Can you give me a link to getting into settings on the locked Note 5 please?

    Thank you and you rock!

    I’ve been into all types of ekecteobicsfor many years and just get picked due to patience on the bypass.
    I’m great on all other exploits.

    Thanks in advance.
    Seadoodude (original hotshot on irc)


Leave a Comment

Loading Facebook Comments ...