Google will pay $1.5 million for the most severe Android exploits

Dan Goodin

from Ars Technica - All content on 2019-11-21 17:00 (#4VF9Y)

Enlarge (credit: New Line Cinema)

Google will pay up to $1.5 million for the most severe hacks of its Pixel line of Android phones, a more than seven-fold increase over the previous top Android reward, the company said.

Effective immediately, Google will pay $1 million for a "full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices," the company said in a post published on Thursday. The company will also pay $500,000 for exploits that exfiltrate data out of a Pixel or bypass its lock screen.

Google will offer a 50 percent bonus to any of its rewards if the exploit works on specific developer preview versions of Android. That means a critical Titan M hack on a developer preview could fetch $1.5 million, and a data exfiltration or lockcscreen bypass on a developer preview could earn $750,000, and so on. Previously, rewards for the most severe Android exploits topped out at $200,000 if they involved the trusted execution environment-an independent OS within Android for handling payments, multi-factor authentication, and other sensitive functions-and $150,000 if they involved compromise only on the Android kernel.

Read 6 remaining paragraphs | Comments

index?i=9USTagJLeuw:8YUoLr5pX1c:V_sGLiPB

index?i=9USTagJLeuw:8YUoLr5pX1c:F7zBnMyn

Source	RSS or Atom Feed
Feed Location	http://feeds.arstechnica.com/arstechnica/index
Feed Title	Ars Technica - All content
Feed Link	https://arstechnica.com/