Google offers million-dollar bug bounty reward

Cyber security. Data protection concept. Banking security. Hands touching digital icon padlock and network connection on mobile smartphone, virtual interface screen. - Image
(Image credit: Shutterstock)

In an effort to help improve the security of its Pixel smartphones, Google has announced that it has raised its bug bounty rewards from $200,000 to a maximum of $1.5m.

The new rewards will be available to security researchers and white-hat hackers who are able to successfully hack the Titan M security chip found in the company's Pixel devices.

In a recent blog post, Google revealed that it increased the payouts for its Android Security Rewards and that it has already paid out over $4m in bug bounties as a result of 1,800 reports from those who were able to identify vulnerabilities on its platform.

Jessica Lin from the Android Security Team explained how the company is expanding the program to also include developer preview versions of Android, saying:

“We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million.”

Titan M chip

Google first introduced its Titan M chip with the release of the Pixel 3 smartphone last year. The chip itself adds deep, device-level protection in order to separate the most sensitive data stored on Pixel smartphones from their main processor to help protect against certain types of attacks.

The Titan M chip can also be found in the search giant's Titan Security Key which can be used to help secure user accounts on Android, Chrome OS, macOS and Windows.

Google has also expanded its bug bounty rewards to cover other critical device security areas such as data exfiltration and lockscreen bypass and depending on the exploit category, these rewards can go up to $500k.

The company first created the Android bug bounty program back in 2015 but its scope has been increased in recent years as Google tries to clamp down on malicious apps in the Google Play Store and other threats to the Android ecosystem as a whole.

Via Threat Post

Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

TOPICS