Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Android Bug Google Privacy Security The Almighty Buck

Google Quadruples Top Reward For Hacking Android To $200,000 (venturebeat.com) 14

Krystalo quotes a report from VentureBeat: Google has paid security researchers millions of dollars since launching its bug bounty program in 2010. The company today expanded its Android Security Rewards program because "no researcher has claimed the top reward for an exploit chain in two years." Right. Well, the program has only been around for two years -- a Google spokesperson confirmed that nobody has ever claimed the top reward. The Android team is making two bug bounty increases today. The reward for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise has quadrupled from $50,000 to $200,000. The reward for a remote kernel exploit has quintupled from $30,000 to $150,000. Want to make six figures? Just figure out how to hack Android.
This discussion has been archived. No new comments can be posted.

Google Quadruples Top Reward For Hacking Android To $200,000

Comments Filter:
  • i think all you need to do is make sure the carrier doesn't properly push updates and then give it to a consumer who will proceed to download/click on anything until it's hosed. am i rich yet?
  • Every year? Bounties are of interest to professional hackers... those with your skills but not the time-consuming albatross that is your day job.

    Just figure out

    how to protect the jerbs in your trade like a good union would. Unions aren't the be-all, end-all, method of organizing labor to purchase political influence; though, they do accomplish that goal, despite union graft, much better than doing nothing.

    On influence and the lack thereof: No organized attempt to participate in the process is plausibly the operative reas

  • by Anonymous Coward

    Remote exploits are worth a whole lot more than that. Imagine being able to infect any host that visits your website. Those type of bugs are beyond critical.

  • by Gravis Zero ( 934156 ) on Thursday June 01, 2017 @07:12PM (#54530559)

    It's true that nobody has claimed the prize but it's also true that you can make significantly more money by making and licensing an exploit to governments. The FBI paid out $1M just to unlock an old ass iPhone so how much do you think they would pay to remotely exploit the latest versions of Android?

    Google's payouts are not proportional to their market value and that's why people aren't claiming them.

    • Also why the Randi prize is meaningless. Any of the supernatural effects you could prove would make more than that on the open market.

      • by Anonymous Coward

        Also why the Randi prize is meaningless. Any of the supernatural effects you could prove would make more than that on the open market.

        Android exploits are different, in the sense that once you disclose them to Google, or publicly, they will eventually stop existing. However, there's nothing preventing you from using your powers *and* getting the Randi prize. Plus, some people wouldn't want to do harm, by using their powers (whether that's robbing a bank by traversing walls, or by magically knowing the lottery numbers, etc). For this kind of people, the Randi prize would be just a way of proving we don't yet know much about the world. Or e

  • In response to this, Apple just doubled its reward for hacking Android to USD $800,000.

    And Microsoft increased its reward to a Zune and a box of beer.

  • That statement has to be against the law some place. Florida has my bet.

As you will see, I told them, in no uncertain terms, to see Figure one. -- Dave "First Strike" Pare

Working...