Win $1.5 million hacking an Android phone

Graham Cluley @gcluley

Win $1.5 million hacking an Android phone

Google says that the bug bounty program it runs to reward researchers who find security vulnerabilities in its software and services is working well.

In what it described as “another record-breaking year”, Google dished out over $6.5 million to bug-hunters through its various Vulnerability Reward Programs.

Google vuln reward chart

If you like the idea of taking a large chunk of change out of Google’s coffers, and helping to improve security for millions of internet users at the same time, then you could do a lot worse than check out how the company has increased its reward payouts.

In particular, those with a specific interest in Android security, could earn a huge amount of money if they are able to find a qualifying vulnerability in Google’s Titan M security chip custom-built for the firm’s Pixel 3, Pixel 3a, and Pixel 4 smartphones:

Android Security Rewards expanded its program with new exploit categories and higher rewards. The top prize is now $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. And if you achieve that exploit on specific developer preview versions of Android, we’re adding in a 50% bonus, making the top prize $1.5 million.

$1.5 million? Wow. Of course, there are rules

Good luck, and don’t forget – if you’re lucky enough to win – that I’m the guy who told you about it.

Graham Cluley Graham Cluley is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent security analyst, he regularly makes media appearances and is an international public speaker on the topic of computer security, hackers, and online privacy. Follow him on Twitter at @gcluley, or drop him an email.