Google will pay bug hunters up to $1.5m if they can hack its Titan M chip
Google announced last week that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip.
Launched last year, the Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more.
Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it.
If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.
Google is willing to give the larger payout for a bug in a preview version because it allows the company to fix a bug before the Android OS is shipped to real-world devices.
The company's move comes after earlier this year, private companies that acquired Android exploits had increased payouts for Android bugs to $2.5 million, making it the first time Android bugs were worth more than iOS exploits on the private market.
At the time, Chaouki Bekrar, CEO of private bug acquisition program Zerodium, told ZDNet that his company had increased payouts because Android devices had become harder to hack due to the constant flow of security features that Google has added to the OS, along with contributions from Samsung.
Today's announcement comes as Google also increased bug bounty payouts across the board for the entire Android Vulnerability Rewards Program (VRP).
Until today, the maximum vulnerability payout was $200,000 for "a remote exploit chain leading to a TrustZone or Verified Boot compromise."
Since the Android VRP's launch in 2015, nobody has earned this top reward, and chances are low that no one will be able to hack Android running on a Titan M chip either.
Remote exploits -- that work without the attacker having physical access to a device -- are hard to create, as most attack vectors such as networking protocols have been plugged. Even if an attacker/researcher finds a remote attack, gaining boot persistence is another major hurdle that nobody has cracked.
"We've seen two complete full-chain RCEs," a Google spokesperson told ZDNet in an interview yesterday when we asked how common are vulnerability reports for remotely exploitable bugs.
"They both came from the same researcher. The majority of exploit chains submitted are local rather than remote," the Google spokesperson said.
The researcher is Guang Gong, of Alpha Lab, Qihoo 360 Technology Co. Ltd. One of these two RCEs exploits chains has also helped Guang net the highest bug reward in 2019.
"This report detailed the first reported 1-click remote code execution exploit chain on the Pixel 3 device," Google said.
"Guang Gong was awarded $161,337 from the Android Security Rewards program and $40,000 by Chrome Rewards program for a total of $201,337," it added.
"The $201,337 combined reward is also the highest reward for a single exploit chain across all Google VRP programs."
But besides introducing a $1.5 million reward for Titan M remote hacks and increasing bug bounties across the board, Google is also adding another bug reporting category.
The OS maker says it's willing to pay up to $500,000 for bug reports involving data exfiltration and lock screen bypasses, depending on the bug's complexity.
Google's willingness to increase bug bounty payouts is certainly rooted in the company's confidence in the fact that Android is secure enough not to fall pray to easy hacks.
Either way, Google has not been shy and has been one of the companies with the largest payouts on the market. Since the Android VRP's launch in 2015, Google said it paid researchers up to $4.5 million, with $1.5 million being paid in the past 12 months alone.
"Over 100 participating researchers have received an average reward amount of over $3,800 per finding (46% increase from last year). On average, this means we paid out over $15,000 (20% increase from last year) per researcher," Google said.
Industry: Cyber Security
- CIAM Architect Azure B2C
We are seeking a highly skilled and experienced Azure B2C CIAM Architect for a contract starting on Jan 2024. As an Azure B2C CIAM Architect, you will be responsible for designing, implementing, and deploying an new Azure B2C Solution . Responsibilities: Design and implement an Azure B2C-based CIAM solution that meets the needs of our clients organization. Maintain and support the Azure B2C-based CIAM solution. Provide training and support to our employees on the use of the CIAM solution. Background designing, implementing, and maintaining CIAM solutions. Experience with cloud-based identity and access management (IAM) solutions. Experience with OAuth, OpenID Connect,and SAML. Excellent written and verbal communication skills
- Senior IAM Consultant
- Upto €110,000 depending on level of position
Senior IAM Consultant is needed to help lead and deploy IAM Projects for this expand IAM Consultancy The ideal candidate will have a deep understanding of IAM concepts and technologies, as well as experience in deploying and managing complex IAM solutions. Responsibilities Lead the deployment of IAM solutions for our clients Work with clients to understand their IAM requirements and design solutions that meet their needs Configure and implement IAM solutions using best practices Integrate IAM solutions with other enterprise systems Provide training and support to clients on the use of IAM solutions Stay up-to-date on the latest IAM technologies and trends We are looking for an experieneced IAM Consutlatn with: Strong understanding of IAM concepts and technologies,including identity lifecycle management,access control,and authentication Experience in deploying and managing complex IAM solutions Experience with IAM products and solutions,such as SailPoint,One Identity Manager,and Azure Active Directory Excellent communication and interpersonal skills Ability to work independently and as part of a team Fluent in German Candidates witll need to live and have the right to work within Germany to be considered.
- Security Architect - SOC Design - Outside IR35 London. SC / DV cleared
- Outside IR35
Security Architect - With in-depth SOC Design experience needed for Outside IR35 London. SC / DV cleared. 6 month rolling Immediate Experience delivering technical Security Architecture design / assurance of security design with mobile network experience. HLD / LLD Current SC Clearance a must. Willingness to undertake DV. London 3 days a week Immediately interviewing.
- Cyber Security Risk Consultant. UK. Hybrid. Home | Work balance
- United Kingdom
Cyber Security Consultancy - done the right way. Seeking a passionate Cyber Security Risk Consultant who enjoys helping clients make a different to their business. Warning- if you want a large, slow moving, high politics, high travel security consultancy that demands their a pound of flesh this is NOT for you. A successful individual will have experience working with clients to identify business cyber security risk. This is a remote first opportunity which means you will spend the majority of your time working remotely. You will however spend some time meeting clients as well as meeting up with the team on a monthly basis.. Some of the nice to have certifications. CRISC, ISO27001 Lead implementer, CISA, CISM, CISSP Along with dedicated training budgets, unlimited holiday and a structured career path, this opportunity will give a much needed work life balance. Unable to offer Visa sponsorship now or in the future. Apply and book a call in my diary with the below