Tuesday, April 13, 2021
  • Setup menu at Appearance » Menus and assign menu to Top Bar Navigation
Advertisement
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News
No Result
View All Result
NikolaNews
No Result
View All Result
Home Internet Security

Google will pay bug hunters up to $1.5m if they can hack its Titan M chip

November 23, 2019
in Internet Security
Google will pay bug hunters up to $1.5m if they can hack its Titan M chip
585
SHARES
3.3k
VIEWS
Share on FacebookShare on Twitter

Image: Google

Google announced today that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip.

Launched last year, the Titan M chip is currenly part of Google Pixel 3 and Pixel 4 devices. It’s a separate chip that’s included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more.

You might also like

Brave browser disables Google’s FLoC tracking system

These new vulnerabilities put millions of IoT devices at risk, so patch now

Who do I pay to get the ‘phone’ removed from my iPhone?

Google says that if researchers manage to find “a full chain remote code execution exploit with persistence” that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it.

If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.

Google is willing to give the larger payout for a bug in a preview version because it allows the company to fix a bug before the Android OS is shipped to real-world devices.

The company’s move comes after earlier this year, private companies that acquired Android exploits had increased payouts for Android bugs to $2.5 million, making it the first time Android bugs were worth more than iOS exploits on the private market.

At the time, Chaouki Bekrar, CEO of private bug acquisition program Zerodium, told ZDNet that his company had increased payouts because Android devices had become harder to hack due to the constant flow of security features that Google has added to the OS, along with contributions from Samsung.

Increased payouts across the board

Today’s announcement comes as Google also increased bug bounty payouts across the board for the entire Android Vulnerability Rewards Program (VRP).

Until today, the maximum vulnerability payout was $200,000 for “a remote exploit chain leading to a TrustZone or Verified Boot compromise.”

Since the Android VRP’s launch in 2015, nobody has earned this top reward, and chances are low that no one will be able to hack Android running on a Titan M chip either.

Remote exploits — that work without the attacker having physical access to a device — are hard to create, as most attack vectors such as networking protocols have been plugged. Even if an attacker/researcher finds a remote attack, gaining boot persistence is another major hurdle that nobody has cracked.

Google: We’ve seen two complete full-chain RCEs

“We’ve seen two complete full-chain RCEs,” a Google spokesperson told ZDNet in an interview yesterday, when we asked how common are vulnerability reports for remotely exploitable bugs.

“They both came from the same researcher. The majority of exploit chains submitted are local rather than remote,” the Google spokesperson said.

The researcher is Guang Gong, of Alpha Lab, Qihoo 360 Technology Co. Ltd.. One of these two RCEs exploit chains has also helped Guang net the highest bug reward in 2019.

“This report detailed the first reported 1-click remote code execution exploit chain on the Pixel 3 device,” Google said.

“Guang Gong was awarded $161,337 from the Android Security Rewards program and $40,000 by Chrome Rewards program for a total of $201,337,” it added.

“The $201,337 combined reward is also the highest reward for a single exploit chain across all Google VRP programs.”

$500,000 for data exfiltration and lockscreen bypasses

But besides introducing a $1.5 million reward for Titan M remote hacks and increasing bug bounties across the board, Google is also adding another bug reporting category.

The OS maker says it’s willing to pay up to $500,000 for bug reports involving data exfiltration and lockscreen bypasses, depending on the bug’s complexity.

Google’s willingness to increase bug bounty payouts is certainly rooted in the company’s confidence in the fact that Android is secure enough not to fall pray to easy hacks.

Either way, Google has not been shy and has been one of the companies with the largest payouts on the market. Since the Android VRP’s launch in 2015, Google said it paid researchers up to $4.5 million, with $1.5 million being paid in the past 12 months alone.

“Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year). On average, this means we paid out over $15,000 (20% increase from last year) per researcher,” Google said.


Credit: Zdnet

Previous Post

OnePlus Suffers New Data Breach Impacting Its Online Store Customers

Next Post

How Automation Can Simplify Receipt Data Extraction Process

Related Posts

Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
Apple looking to close the gap between web and app privacy
Internet Security

Who do I pay to get the ‘phone’ removed from my iPhone?

April 13, 2021
Criminals spread malware using website contact forms with Google URLs
Internet Security

Criminals spread malware using website contact forms with Google URLs

April 13, 2021
Bug bounties: More hackers are spotting vulnerabilities across web, mobile and IoT
Internet Security

Critical security alert: If you haven’t patched this old VPN vulnerability, assume your network is compromised

April 13, 2021
Next Post
How Automation Can Simplify Receipt Data Extraction Process

How Automation Can Simplify Receipt Data Extraction Process

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

Plasticity in Deep Learning: Dynamic Adaptations for AI Self-Driving Cars

January 6, 2019
Microsoft, Google Use Artificial Intelligence to Fight Hackers

Microsoft, Google Use Artificial Intelligence to Fight Hackers

January 6, 2019

Categories

  • Artificial Intelligence
  • Big Data
  • Blockchain
  • Crypto News
  • Data Science
  • Digital Marketing
  • Internet Privacy
  • Internet Security
  • Learn to Code
  • Machine Learning
  • Marketing Technology
  • Neural Networks
  • Technology Companies

Don't miss it

Brave browser disables Google’s FLoC tracking system
Internet Security

Brave browser disables Google’s FLoC tracking system

April 13, 2021
New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices
Internet Privacy

New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices

April 13, 2021
Machine Learning Approach In Fantasy Sports: Cricket
Machine Learning

Machine Learning Approach In Fantasy Sports: Cricket

April 13, 2021
These new vulnerabilities put millions of IoT devices at risk, so patch now
Internet Security

These new vulnerabilities put millions of IoT devices at risk, so patch now

April 13, 2021
BRATA Malware Poses as Android Security Scanners on Google Play Store
Internet Privacy

BRATA Malware Poses as Android Security Scanners on Google Play Store

April 13, 2021
6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome
Data Science

6 Limitations of Desktop System That QuickBooks Hosting Helps Overcome

April 13, 2021
NikolaNews

NikolaNews.com is an online News Portal which aims to share news about blockchain, AI, Big Data, and Data Privacy and more!

What’s New Here?

  • Brave browser disables Google’s FLoC tracking system April 13, 2021
  • New NAME:WRECK Vulnerabilities Impact Nearly 100 Million IoT Devices April 13, 2021
  • Machine Learning Approach In Fantasy Sports: Cricket April 13, 2021
  • These new vulnerabilities put millions of IoT devices at risk, so patch now April 13, 2021

Subscribe to get more!

© 2019 NikolaNews.com - Global Tech Updates

No Result
View All Result
  • AI Development
    • Artificial Intelligence
    • Machine Learning
    • Neural Networks
    • Learn to Code
  • Data
    • Blockchain
    • Big Data
    • Data Science
  • IT Security
    • Internet Privacy
    • Internet Security
  • Marketing
    • Digital Marketing
    • Marketing Technology
  • Technology Companies
  • Crypto News

© 2019 NikolaNews.com - Global Tech Updates