Google will pay bug hunters up to $1.5m if they can hack its Titan M chip
Google announced last week that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip.
Launched last year, the Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more.
Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it.
If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.
Google is willing to give the larger payout for a bug in a preview version because it allows the company to fix a bug before the Android OS is shipped to real-world devices.
The company's move comes after earlier this year, private companies that acquired Android exploits had increased payouts for Android bugs to $2.5 million, making it the first time Android bugs were worth more than iOS exploits on the private market.
At the time, Chaouki Bekrar, CEO of private bug acquisition program Zerodium, told ZDNet that his company had increased payouts because Android devices had become harder to hack due to the constant flow of security features that Google has added to the OS, along with contributions from Samsung.
Today's announcement comes as Google also increased bug bounty payouts across the board for the entire Android Vulnerability Rewards Program (VRP).
Until today, the maximum vulnerability payout was $200,000 for "a remote exploit chain leading to a TrustZone or Verified Boot compromise."
Since the Android VRP's launch in 2015, nobody has earned this top reward, and chances are low that no one will be able to hack Android running on a Titan M chip either.
Remote exploits -- that work without the attacker having physical access to a device -- are hard to create, as most attack vectors such as networking protocols have been plugged. Even if an attacker/researcher finds a remote attack, gaining boot persistence is another major hurdle that nobody has cracked.
"We've seen two complete full-chain RCEs," a Google spokesperson told ZDNet in an interview yesterday when we asked how common are vulnerability reports for remotely exploitable bugs.
"They both came from the same researcher. The majority of exploit chains submitted are local rather than remote," the Google spokesperson said.
The researcher is Guang Gong, of Alpha Lab, Qihoo 360 Technology Co. Ltd. One of these two RCEs exploits chains has also helped Guang net the highest bug reward in 2019.
"This report detailed the first reported 1-click remote code execution exploit chain on the Pixel 3 device," Google said.
"Guang Gong was awarded $161,337 from the Android Security Rewards program and $40,000 by Chrome Rewards program for a total of $201,337," it added.
"The $201,337 combined reward is also the highest reward for a single exploit chain across all Google VRP programs."
But besides introducing a $1.5 million reward for Titan M remote hacks and increasing bug bounties across the board, Google is also adding another bug reporting category.
The OS maker says it's willing to pay up to $500,000 for bug reports involving data exfiltration and lock screen bypasses, depending on the bug's complexity.
Google's willingness to increase bug bounty payouts is certainly rooted in the company's confidence in the fact that Android is secure enough not to fall pray to easy hacks.
Either way, Google has not been shy and has been one of the companies with the largest payouts on the market. Since the Android VRP's launch in 2015, Google said it paid researchers up to $4.5 million, with $1.5 million being paid in the past 12 months alone.
"Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year). On average, this means we paid out over $15,000 (20% increase from last year) per researcher," Google said.
Industry: Cyber Security
- Sailpoint IIQ Consultant
- Up to £75,000
SailPoint IIQ consultant- London We are looking for a strong SailPoint IIQ consultant to work for this global enterprise, in this position you will be the lead consultant in regard to the IAM and PAM tools Duties include Responsible for designing, developing, testing, implementing, and integrating IAM (SailPoint) systems and solutions. Assessing requirements for Identity and Access Management solutions to meet stakeholders needs. Provide support for production IAM infrastructure systems and processes. Ensures the maintenance, patching, operating, and monitoring of IAM systems. Ensures senior management and staff are informed of any changes and updates in a timely manner. Experience with Maintaining and supporting SailPoint IIQ Assessing requirements for Privilege Access Management solutions to meet stakeholders needs We are looking for someone with the following experience SailPoint IIQ experience Expertise working with SailPoint Identity IQ platform - Access Lifecycle Management, Certifications, Role Management Expertise in onboarding applications with various connectors like Active Directory, JDBC, SCIM 2.0, Azure Active Directory Expertise in developing APIs (SCIM, REST) leveraging Java based developmentExperience of Privileged Access Management concepts and use cases Unfortunatly we are unable to provide sponsorship for this opportunity, therefore applications will need to be able to work in the UK
- SailPoint Consultant- Netherland-
- upto €700 per day
We are looking for a highly skilled SailPoint IIQ Consultant to work on a major deployment project. The ideal candidate will have experience with all aspects of SailPoint IIQ, including development, configuration, and administration. They will also be able to work independently and as part of a team to deliver high-quality results. · Responsibilities · Develop and configure Sailpoint IIQ solutions · Integrate SailPoint IIQ with other systems · Support SailPoint IIQ deployments · Provide technical support to users If you are a highly skilled SailPoint IIQ consultant who is looking for their next project, we encourage you to apply. look forward to hearing from you!
- Lead CyberArk deployment Consultant
- Upto £80,000 plus benefits
CyberArk Consultant is needed to be responsible for leading the deployment of CyberArk solutions for this expanding IT services business, You will work with customer both pre and post sales, getting involved in CyberArk Solution Design, helping to create CyberArk Strategic Roadmaps, on-boarding accounts, product and process integration into the CyberArk Solution and Proviso of Installation and technical Documentation. We are looking for this individual to have experience in: Installation of CyberArk PAS for V11.X and V12.X (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Upgrade of CyberArk from V9 and V10 (Vault, DR Vault, Central Policy Manager and Password Vault Web Access) Installation and Upgrade of Privilege Session Manager and Privilege Session Manager Proxy As some of your client will be government site, all individual will need to be put through SC clearance, therefore you must be eligible to receive this and happy to be put through(With a British Citizen or to have lived in the UK for the past 5 years) We are unable to provide work visa sponsorship for this opportunity
- Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, London
- £400 per day outside IR35
Senior Business Analyst - Outside IR35 Contract, SC Clearance Required, Based in London Project- to engage with colleagues and stakeholders to investigate and model business functions, processes, information flows and data structures, using a range of business analysis techniques. • You will translate the solution to the business problem into detailed requirements by creating user stories and well-defined acceptance criteria. • Elicit end-to-end business requirements for a live cross-government service • Working across the Government departments to bring together varied business and operational outcomes to form a holistic overall set of service requirements Current SC clearance is required. As is the ability to travel to London.