Google Provides $1.5M Bug Bounty for Android 13 Beta



Google has expanded its bug-bounty program to offer a whopping $1.5 million for a top-notch Android 13 Beta exploit – specifically, for a hack of the Titan M security chip that ships with Pixel phones.
Android 13 Beta became available last week to developers and early adopters, with Google promising an outsized focus on privacy and security. It apparently aims to deliver in that department, if the bounty bump is any indication.
The Internet giant announced a 50% bonus for all Android 13 Beta exploits on Twitter and updated its Android program page to reflect the offer, adding an important caveat: “Vulnerabilities have to be unique to Android 13 and should not reproduce on any other version of Android,” it noted.
To take advantage of the largess, bug hunters will need to set off on safari soon: The increased rewards are only good for reports filed before May 27.
Putting the $1.5M Payout into Context
For a sense of perspective on that payout amount, it's worth noting that $1.5 million is exponentially larger than the highest-ever bounty for an Android vulnerability, which was paid last year: $157,000 for a critical exploit chain in an unspecified component. It's also half the amount paid out in the entirety of 2021 for Android flaws ($3 million total, across hundreds of exploits), and roughly equal to the sum total of payouts in 2020. So, this is a lot of love for one bug.
That said, the likelihood of seeing a payout that size is a long shot. That's because it would be linked to the last time Google dabbled in big-bucks territory: In 2019, it began offering $1 million to anyone who could hack the Titan M security chip, which is embedded in Google Pixel smartphones. Specifically, it requires a “full chain remote code execution exploit with persistence, which compromises the Titan M secure element on Pixel devices.”
But so far, that reward has gone unclaimed. Thus, to reel in the $1.5 million on offer, an ethical hacker would need to not only subvert the never-subverted Titan M, but also make sure that the exploit works on Android 13 Beta – and only on Android 13 Beta.
The difficulty scale hasn’t deterred some. As one bounty hunter tweeted, “BRB going to sell my soul to the hacker gods to get a full remote code execution exploit chain on the Titan M.”
All Android 13 Beta Exploits Get a Bump
Google’s other rewards for finding an exploitable security vulnerability in Android are also subject to the 50% bonus for Android 13 Beta. These run anywhere from $75,000 (for a Device Policy Controller bypass or code execution in a privileged process) to $500,000 (for exfiltrating high-value data secured by Titan M). Most rewards clock in at $250,000.
OEM code (libraries and drivers), Digital Car Keys, kernel, boot-loader, Secure Element code, TrustZone OS and apps, system on chip (SoC), MicroController Unit (MCU), Boot ROM, RAM memory, Flash memory, filesystem, Trusted Execution Environment (TEE), radio items, etc., are all considered eligible targets.
