MENU

Be A Bug Bounty Hunter: Google Is Offering Up To $200,000 For Android Exploits

3 June 2017, 5:02 pm EDT By Eric Brackett Tech Times
Close
Google Maps now covers our solar system

In 2015, Google launched the Android Security Rewards program which pays out rewards to those who discover bugs and system exploits within the OS. Now, Google has announced that it is increasing the maximum payout to $200,000.

Bug Bounty Programs

The Android Security Rewards program is similar to other programs of its kind in the tech industry. If a security firm, or individual, discovers an exploit within Android OS and reports it to Google then they'll receive a cash reward. From there, Google uses that information to fix the exploit and avoid hacks by malicious organizations.

The payouts vary based on the severity of the exploits, but, overall, Google has paid security researchers more than $1.5 million since the program began. Despite this, no one has managed to claim Google's largest bounties so the company has decided to substantially increase the reward in hopes of attracting more engineers and researchers to the program.

Kernel Exploits

The increased rewards apply to two bounties. The first is for remote kernel exploits. Android is based on the open-source Linux OS which has been used to create the popular Ubuntu operating system. As powerful and adaptable as Linux is, it does contain several security issues. The most troubling — at least from Google's perspective — are called remote kernel exploits, which could allow unauthorized users to gain remote control of Android devices or steal a user's personal data. Google has increased the payout for discovering a remote kernel exploit from $30,000 to $150,000.

Trust Zone Or Verified Boot Compromises

Trust Zone is a system on a chip technology that helps to ensure that security software, system boot settings, and biometric data, such as the fingerprint scans used in touch ID systems, are secure. It goes without saying that this is data that no one wants exposed to hackers.

Verified Boot was introduced in Android KitKat as a means of ensuring that the phone's software had not been altered. Each time the phone boots up, it performs a check and, on devices running Android 6.0 and higher, will warn users of tampering. Understandably, hackers would love a way around Verified Boot.

Payday

The reward for either of these exploits has been increased from $50,000 to $200,000

Assuming no researchers take the bait, it is likely that Google will increase the reward again until someone decides it is worth their time to discover such an exploit. After all, every software has flaws. Eventually, someone will discover one of these errors. It is just a question of whether it will be someone working for Google or a hacker trying to steal personal data.

© 2017 Tech Times, All rights reserved. Do not reproduce without permission.

Eric Brackett Tech Times editor Eric Brackett is a tech junkie and a gamer, covering science and technology. Follow him on Facebook and Twitter for updates and his random thoughts on the latest trends in gaming, tech, and comic books.

From Our Sponsor

Entropia Universe Allows Players To Earn Real Cash In The Virtual World

Everything in Entropia Universe has real cash value, and the real estate, land and deeds that players invest in are actual investments. The game uses a micropayment system that allows players to buy Project Entropia Dollars (PED), which is used as in-game currency. With a click of a mouse, PED can also be withdrawn from the game and transferred to your bank account using an e-money/e-wallet service like Neteller e-wallet.
Real Time Analytics