Google Ups Their Security Ante
If you’ve ever been interested in learning more about cyber-security (and Android’s in particular), there’s never been a more enticing offer on the table. This week Google officially announced a new top reward for pinpointing a security flaw in the operating system. Are you hooked yet? Well, here’s the new figure: $1.5 million!
A Quick History:
Way back in 2015 Google announced the launch of a security rewards program for Android (the one we’ve come to know and love today, as it’s improved the operating system). The program covered security vulnerabilities affecting Nexus phones and tablets, and asked individuals to try to find defensive holes. In exchange for finding one of these you could earn up to $38,000.
This is no small chunk of change, but it’s also obviously a long way away from $1.5 million. What happened? Well, Android grew in popularity and more security researchers came on board, unearthing security flaws. In fact, from its first bug bounty program in 2010, Google was paying over $1 million a year to hundreds of researchers who found issues. So it’s not a complicated story. Google offers rewards for security help. People find flaws. Google makes a more secure environment and ups the ante. Rinse and repeat.
The $1.5 Million Dollar Man:
Which brings us to the 2019 cap in the program. Google won’t pay that large a sum for just any bug, though. They’re looking for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In simpler terms, they want to find a bug that lets a hacker execute code on a device even after it’s been reset and without physical access.
The Titan M security chip was first introduced in the Pixel 3. Its job is to oversee security (handling passcodes, verifying firmware signatures, and identifying malicious apps). It’s done a fairly good job and has been carried over into the new Pixel 4. And since it does such a good job, security flaws are harder and harder to find. But that doesn’t mean they aren’t there. The only way security can get better is by someone figuring out how to hack it. If you find a hole in your defenses, you know exactly what needs to be patched up.
So the $1.5 million bug is the big one, but it’s not the only reward. There are plenty of other security flaws that have led to hundred-thousand-dollar payouts to dozens of individuals. If you are interested in learning about Android security, it’s safe to say these prizes are only going to go up, so there’s no time like the present to start!