SoylentNews is people
SoylentNews
Google Will Award $1M-Plus to People Who Can Hack Titan M Security Chip
The company expanded its Android bug bounty program as one of several recent moves to ramp up mobile security.
Google is willing to award up to $1.5 million to hackers who can successfully hack its Titan M security chip on the company’s Pixel devices as part of an expansion of its Android bug-bounty program unveiled this week.
The company revealed increased payouts to its Android Security Rewards in a blog post Thursday. Google already has paid out more than $4 million in 1,800 reports to those who’ve identified vulnerabilities on the platform, it said.
The expansion of the program focuses mainly on Google’s own technology rather than the greater ecosystem, with the company offering a significant prize for hackers to test the security of its Titan security chip on forthcoming versions of Android.
“We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices,” Jessica Lin from the Android Security Team wrote in the post. “Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million.”
Google introduced Titan M in its Pixel 3 smartphone released last year. The chip adds deep, device-level protection to separate the most sensitive data stored on the Pixel from its main processor, which can protect it from certain types of attacks.[...] In addition to sweetening the deal for white-hat hackers to help it improve Titan M, Google also has expanded bug-bounty rewards in other critical device security areas. These include threats involving data exfiltration and lockscreen bypass, according to the post. Depending on the exploit category, people now can earn up to $500,000 for reporting bugs.
A comprehensive list of the changes is available on the Android Security Rewards Program Rules website.
(Score: 2) by Mojibake Tengu on Monday November 25 2019, @06:35PM
Biggest bug in Android is Google. You just forgot Google itself is a corporate faction of CIA, spawned by In-Q-Tel. They have interests, technical interests. Having a clean, impenetrable system crosses those interests. So they want only controllable vulnerabilities they own exclusively.
But, their major problem is infoleaks and independent discoveries. This is why they are willing to nibble small money to interfere with those flows of information.
All those insolent aggressive applications in store are quite instrumental, even third party ones provide some plausibility cover bushes for their own backdooring mechanisms.
Nothing will ever change for users who can't code for themselves. They cannot own their data since they do not own their programs. And it starts with a core operating system of course.
Respect Authorities. Know your social status. Woke responsibly.