Google on Thursday announced that it’s expanding its Android bug bounty program, and certain types of exploits can now earn researchers up to $1.5 million
According to Google, it has paid out over $4 million for more than 1,800 vulnerability reports received since the launch of its Android Security Rewards program in 2015. In the past year, payouts totaled over $1.5 million and the highest single reward paid out in 2019 was just over $161,000.
The highest reward this year was paid out to Guang Gong of the Chinese cybersecurity firm Qihoo 360. In fact, the researcher earned over $200,000 for a single exploit chain as he demonstrated how an attacker could remotely execute arbitrary code on a Pixel 3 device using a combination of Android and Chrome vulnerabilities — the Chrome flaws earned him an extra $40,000. Only one click was required to trigger his exploit.
Google has now announced significantly higher rewards through the Android Security Rewards program, including up to $1 million for a Pixel Titan M exploit, which is also eligible for a 50% bonus if the exploit chain works on certain developer preview versions of Android. Google is offering the top reward for a full chain remote code execution exploit that provides persistence on the device and involves compromising the company’s Titan M security chip.
White hat hackers who demonstrate a method for exfiltrating data protected by the Pixel Titan M chip can now earn up to $500,000, and up to $250,000 for exfiltrating data secured by a Secure Element.
Another new category added to the Android bug bounty program covers lockscreen bypass techniques. Resear ..
Support the originator by clicking the read the rest link below.
