Google announces that it will pay up to 160 million yen to Android bug finders
by maxxyustas
Google for Android Vulnerable Announcement of enhancement of Android bounty program Android Security Rewards . This change will pay up to $ 1.5 million for Android vulnerability discoverers.
Google Online Security Blog: Expanding the Android Security Rewards Program
https://security.googleblog.com/2019/11/expanding-android-security-rewards.html
Google will pay $ 1.5 million for the most severe Android exploits | Ars Technica
https://arstechnica.com/information-technology/2019/11/google-will-pay-1-5-million-for-the-severest-android-exploits/
Google's new Android Security Rewards target is the “ Titan M ” vulnerability. Titan M is a security chip that has been adopted by Google smartphones since Pixel 3, and Google is pushing the drums, 'Pixel series with Titan M is the highest level of security on smartphones.'
The details of Titan M are described in detail in the following article.
Google Pixel 3 is equipped with a unique security chip `` Titan M '' at the data center level, ensuring the best smartphone security with software & hardware-GIGAZINE
Google said, `` Up to $ 1 million (about 100 million 865 million) for full-chain (no additional user interaction) remote code execution exploits with persistence that compromises the Pixel series Titan M secure element. Will be paid '. At the same time, we have established a new mechanism to add a 50% bonus to exploits found in Android-specific developer previews. With this, if you can discover exploits that infringe on Titan M on the developer preview version of Android, you will be able to get a reward of up to $ 1.5 million (about 160 million yen).
Apart from the exploit, $ 500,000 (about 54.33 million yen) for Titan M bugs that lead to lock screen avoidance and leakage of important data, other than Titan M $ 250,000 (about 27.16 million yen) Bounty is also available, and the total bounty for the two defects is $ 750,000 (about 81.5 million yen).
About this announcement, security researcher Saleem Rashid said, `` Vulnerability purchase company Zerodium pays only $ 100,000 (about 10.86 million yen) to avoid lock screen on iOS and Android, but Google is 7.5 times that (!) Will also be paid. '
for context: Zerodium will only pay $ 100,000 for a lockscreen bypass on either iOS or Android.
— Saleem Rashid (@ saleemrash1d) November 21, 2019
Google are offering up to 7.5 (!) Times as much pic.twitter.com/38S6h1QO2K
In addition, “I think, we are witnessing a moment of paradigm shift in iOS and Android security,” praised Google's new efforts.
i think we're in the midst of an iOS / Android security paradigm shift https://t.co/N7UXaDHEc2
— Saleem Rashid (@ saleemrash1d) November 21, 2019
Related Posts:
