Google has included a reward to researchers who can present a way to compromise its Titan M safe element, utilized in the company’s Pixel devices functioning Android, worth a million US bucks.
A whole-chain remote code exploit with gadget persistence is demanded to carry home the bug bounty bacon for researchers beneath the Android Stability Rewards program, lively considering that 2015.
There is also a 50 for each cent reward for exploit chains located on particular preview versions of Android, that means researchers could make as considerably as US$1.5 million for a Titan M exploit.
The Titan M stability module protects the Android Confirmed Boot stability element and stores insider secrets, stops fake button presses, enforces manufacturing facility reset insurance policies and stops unlock tries without having owners’ cooperation, as properly as forced firmware updates that could be utilized to accessibility gadget facts.
Google’s ASR program will also award up to 50 percent a million US bucks for facts exfiltration and lockscreen bypass exploits now.
Given that its inception, ASR has compensated out more than 4 million bucks in reward for more than 1800 bug studies.
Qihoo 360’s Alpha Lab researcher Guang Gong earnt more than US$200,000 for a bug report that featured a one-click on remote code execution exploint chain for Pixel 3, from the two the ASR and Chrome Rewards packages.