Google will now pay up to $1.5 million for very specific Android exploits – TechCrunch
The cap grew over the years, as Android grew in popularity, more security researchers got on board and more vulnerabilities were unearthed. This morning, Google is bumping up its top reward to $1.5 million.
They’re not going to pay out a million+ for just any bug, of course.
For this new reward category, Google is looking for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” In other words, they’re looking for an exploit that, without the attacker having physical access to the device, can execute code even after a device is reset and breaks into the dedicated security chip built into the Pixels.
Reporting an exploit that fits that bill will get researchers up to $1 million. If they can do it on “specific developer preview versions” of Android, meanwhile, there’s a 50% bonus reward, bumping the maximum prize up to $1.5 million.
Google first introduced the Titan M security chip with the Pixel 3. As Google outlines, the chip’s job is essentially to supervise; it double-checks boot conditions, verifies firmware signatures, handles lock screen passcodes and tries to keep malicious apps from forcing your device to roll back to “older, potentially vulnerable” builds of Android. The same chip can also be found in the Pixel 4 lineup.
Indeed, $1.5 million for a single exploit sounds like a lot… and it is. It’s roughly what Google paid out for all bug bounties in the last 12 months. The top reward this year, the company says, was $161,337 for a “1-click remote code execution exploit chain on the Pixel 3 device.” The average payout, meanwhile, was about $3,800 per finding. Given the potential severity of persistently busting through the security chip on what’s meant to be the flagship variant of Android, though, a wild payout makes sense.