Google will pay $1.5 million for the most severe Android exploits

Enlarge (credit: New Line Cinema)

Google will pay up to $1.5 million for the most severe hacks of its Pixel line of Android phones, a more than seven-fold increase over the previous top Android reward, the company said.

Effective immediately, Google will pay $1 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices,” the company said in a post published on Thursday. The company will also pay $500,000 for exploits that exfiltrate data out of a Pixel or bypass its lock screen.

Google will offer a 50 percent bonus to any of its rewards if the exploit works on specific developer preview versions of Android. That means a critical Titan M hack on a developer preview could fetch $1.5 million, and a data exfiltration or lockcscreen bypass on a developer preview could earn $750,000, and so on. Previously, rewards for the most severe Android exploits topped out at $200,000 if they involved the trusted execution environment—an independent OS within Android for handling payments, multi-factor authentication, and other sensitive functions—and $150,000 if they involved compromise only on the Android kernel.

Read 5 remaining paragraphs | Comments

via Biz & IT – Ars Technica https://ift.tt/2O80LYd