The old and golden hunter's bounty is back to a whole new level! Google has added a 50% "reward" bonus to the US$1 million on offer to hackers that compromise the Titan M secure element on Pixel devices. There is no doubt that these aren't cyber-criminals that are getting rewarded by all these big names in technology: these are the hackers who report security problems so that they can be fixed before threat actors can exploit them. For this particular purpose, Google launched the Vulnerability Reward Programs (VRPs) in 2010.
The Google VRPs cover numerous product areas and have been expanded continuously in terms of both reach and reward since 2010. As well as Android and Chrome, for example, there is an "Abuse" program that covers what Google refers to as "significant abuse-related methodologies." An example of the latter is how an attacker might manipulate rating scores for a Google Maps listing without alerting the abuse detection system. The maximum baseline Chrome VRP reward has tripled to US$15,000 but the really big money is to be found within the Android Security VRP.
According to a Google security blog posting that looks at the VRP year in review for 2019, the top prize in this category is US$1 million for a "full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices." Do that on specific Android developer preview versions, and Google will now increase the reward by 50% to US$1.5 million it has confirmed.
There are some genuinely mind-boggling statistics in this yearly VRP review, not least that since 2010, Google has now paid out more than US$21 million in rewards. In 2019 alone, some US$6.5 million in rewards were paid; that's twice as much as has ever been rewarded in a single year before. Generous hackers donated a record total of US$500,000 in rewards cash to charity, five times as much as in any year before. The single highest reward payout was US$201,000 and a total of 461 hackers received payments from Google across the year. By opening up the Google Play security reward program to cover any app with more than 100 million installs, there was a surge of bug reports that resulted in $650,000 (£500,000) in rewards being paid in the last six months of the year.
Floki Inu is Digging its Own Grave Despite Ad Campaign Controversy
Will EU Really Share Its Technology under India, EU Trade and Tech Council?
Fashion in the Metaverse: Will it Take a Nasty Turn Soon?
Cybercriminals are Feasting Over 'Zero-day Hacks' While the World Watches
Top 10 Code Playgrounds Every Web Developer Should Try!
5G Cyberattacks are Menacing! A 9/11 Like Scenario could Unfold Soon
Join our WhatsApp Channel to get the latest news, exclusives and videos on WhatsApp
_____________
Disclaimer: Analytics Insight does not provide financial advice or guidance. Also note that the cryptocurrencies mentioned/listed on the website could potentially be scams, i.e. designed to induce you to invest financial resources that may be lost forever and not be recoverable once investments are made. You are responsible for conducting your own research (DYOR) before making any investments. Read more here.