demonstrate flaws in the company’s smartphone operating system in exchange for cold, hard cash.
“Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests,” Google’s Natalie Silvanovich wrote in a blog post. “The goal of this contest is to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices’ phone number and email address.”
Here’s how it works: Hackers who uncover a serious security bug, exploit, or flaw in Android are encouraged to publish them on the Android issue tracker, a public forum devoted to documenting Android issues from visual glitches to wonky Wi-Fi. Posts will have to be detailed — contest participants must share a “full description” of how the exploit works with the expectation that, if verified independently, they’ll be published on a public Google blog. They’ll have to work on Google’s branded Nexus devices, the Huawei-made Nexus 6P and LG’s Nexus 5X, plus any devices running an up-to-date build of Android 7.0 Nougat. And the more, the better — reported bugs can contribute to a larger Project Zero submission at any time during the contest’s six-month period, Google said.
The prizes ain’t half bad. The winner of the contest takes home $200,000, while the runner-up will net $100,000. And an undisclosed number of entries will be receive a consolatory prize of $50,000. And there’s no way to lose: Google said that bugs that aren’t submitted during the entry period may be considered for other contests like Android Security Rewards, as well as future, as-yet-unannounced promotions.
Project Zero’s impetus, Google said, was discovering bugs that would otherwise go unreported. Another motivation? Developing fixes quickly, and in some cases pre-emptively. “Our main motivation is to gain information about how these bugs and exploits work,” Silvanovich wrote.” There are often rumors of remote Android exploits, but it’s fairly rare to see one in action. We’re hoping this contest will improve the public body of knowledge on these types of exploits.”
0 comments:
Post a Comment