Google to Award $1M-Plus to People who can Hack Titan M Security Chip
upstart writes in with a submission, via IRC, for fnord666.
Google Will Award $1M-Plus to People Who Can Hack Titan M Security Chip
The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security.
Google is willing to award up to $1.5 million to hackers who can successfully hack its Titan M security chip on the company's Pixel devices as part of an expansion of its Android bug-bounty program unveiled this week.
The company revealed increased payouts to its Android Security Rewards in a blog post Thursday. Google already has paid out more than $4 million in 1,800 reports to those who've identified vulnerabilities on the platform, it said.
The expansion of the program focuses mainly on Google's own technology rather than the greater ecosystem, with the company offering a significant prize for hackers to test the security of its Titan security chip on forthcoming versions of Android.
"We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices," Jessica Lin from the Android Security Team wrote in the post. "Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million."
Google introduced Titan M in its Pixel 3 smartphone released last year. The chip adds deep, device-level protection to separate the most sensitive data stored on the Pixel from its main processor, which can protect it from certain types of attacks.[...] In addition to sweetening the deal for white-hat hackers to help it improve Titan M, Google also has expanded bug-bounty rewards in other critical device security areas. These include threats involving data exfiltration and lockscreen bypass, according to the post. Depending on the exploit category, people now can earn up to $500,000 for reporting bugs.
A comprehensive list of the changes is available on the Android Security Rewards Program Rules website.
Read more of this story at SoylentNews.