Slashdot Mirror


Google Quadruples Top Reward For Hacking Android To $200,000 (venturebeat.com)

Krystalo quotes a report from VentureBeat: Google has paid security researchers millions of dollars since launching its bug bounty program in 2010. The company today expanded its Android Security Rewards program because "no researcher has claimed the top reward for an exploit chain in two years." Right. Well, the program has only been around for two years -- a Google spokesperson confirmed that nobody has ever claimed the top reward. The Android team is making two bug bounty increases today. The reward for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise has quadrupled from $50,000 to $200,000. The reward for a remote kernel exploit has quintupled from $30,000 to $150,000. Want to make six figures? Just figure out how to hack Android.

14 comments

  1. give it to an end user by capntao · · Score: 1

    i think all you need to do is make sure the carrier doesn't properly push updates and then give it to a consumer who will proceed to download/click on anything until it's hosed. am i rich yet?

    1. Re:give it to an end user by Anonymous Coward · · Score: 0

      i think all you need to do is make sure the carrier doesn't properly push updates and then give it to a consumer who will proceed to download/click on anything until it's hosed.

      am i rich yet?

      Translation: Derp derp *drool* derp *drool*

    2. Re:give it to an end user by Anonymous Coward · · Score: 0

      i think all you need to do is make sure the carrier doesn't properly push updates and then give it to a consumer who will proceed to download/click on anything until it's hosed. am i rich yet?

      my dumba$$, forever-p0rn-searching brother would be the perfect candidate for your plan...

  2. The Russians will do it for free by Anonymous Coward · · Score: 0

    ...because they're patriots!

  3. Which version? by Anonymous Coward · · Score: 0

    Considering 99% of the world is on a version other than the latest, how does this help?

  4. Want to make six figures? by rmdingler · · Score: 1

    Every year? Bounties are of interest to professional hackers... those with your skills but not the time-consuming albatross that is your day job.

    Just figure out

    how to protect the jerbs in your trade like a good union would. Unions aren't the be-all, end-all, method of organizing labor to purchase political influence; though, they do accomplish that goal, despite union graft, much better than doing nothing.

    On influence and the lack thereof: No organized attempt to participate in the process is plausibly the operative reason H1B is such a threat to the formerly decent living programming used to provide.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  5. Remote exploits are worth a whole lot more by Anonymous Coward · · Score: 1

    Remote exploits are worth a whole lot more than that. Imagine being able to infect any host that visits your website. Those types of bugs are beyond critical.

  6. Why make six when you can make eight or nine? by Gravis+Zero · · Score: 4, Insightful

    It's true that nobody has claimed the prize but it's also true that you can make significantly more money by making and licensing an exploit to governments. The FBI paid out $1M just to unlock an old ass iPhone so how much do you think they would pay to remotely exploit the latest versions of Android?

    Google's payouts are not proportional to their market value and that's why people aren't claiming them.

    --
    Anons need not reply. Questions end with a question mark.

    1. Re: Why make six when you can make eight or nine? by Anonymous Coward · · Score: 0

      It's probably worth upwards of 10 million depending on how many devices it would work on.

    2. Re:Why make six when you can make eight or nine? by Actually,+I+do+RTFA · · Score: 1

      Also why the Randi prize is meaningless. Any of the supernatural effects you could prove would make more than that on the open market.

      --
      Your ad here. Ask me how!

    3. Re:Why make six when you can make eight or nine? by Anonymous Coward · · Score: 1

      Also why the Randi prize is meaningless. Any of the supernatural effects you could prove would make more than that on the open market.

      Android exploits are different, in the sense that once you disclose them to Google, or publicly, they will eventually stop existing. However, there's nothing preventing you from using your powers *and* getting the Randi prize. Plus, some people wouldn't want to do harm, by using their powers (whether that's robbing a bank by traversing walls, or by magically knowing the lottery numbers, etc). For this kind of people, the Randi prize would be just a way of proving we don't yet know much about the world. Or even if you had a simpler power. Imagine some sort of telekinetic ability to warm up food or drinks. It would still be worth a prize, yet be of little use when selling your services (unless you work for Domino's).

  7. In other news by Trogre · · Score: 1

    In response to this, Apple just doubled its reward for hacking Android to USD $800,000.

    And Microsoft increased its reward to a Zune and a box of beer.

    --
    "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife

  8. exactly WTF are they thinking trustzone exploit... by Anonymous Coward · · Score: 0

    A TrustZone exploit would be worth millions in PR, let alone anything else. Considering Google's size, this is frankly pathetic.

  9. Want to make six figures? Just hack an Android by Trax3001BBS · · Score: 1

    That statement has to be against the law some place. Florida has my bet.