Google Offers $1.5M Bug Bounty for Android 13 Beta

Published: 23/11/2024   Category: security




The security vulnerability payout set bug hunters rejoicing, but claiming the reward is much, much easier said than done.



Google has expanded its bug-bounty program to offer a whopping $1.5 million for a top-notch Android 13 Beta exploit – specifically, for a hack of the Titan M security chip that ships with Pixel phones.
Android 13 Beta became available last week to developers and early adopters, with Google promising an outsized focus on privacy and security. It apparently aims to deliver in that department, if the bounty bump is any indication.
The Internet giant announced a 50% bonus for all Android 13 Beta exploits on Twitter and updated its Android program page to reflect the offer, adding an important caveat: Vulnerabilities must be exclusive to Android 13 and must not reproduce on any other version of Android, it noted.
To take advantage of the largess, bug hunters will need to set off on safari soon: The increased rewards are only good for reports filed before May 27.
Putting the $1.5M Payout into Context
For a sense of perspective on that payout number, it's worth noting that $1.5 million is exponentially larger than the highest-ever bounty for an Android vulnerability, which was paid last year: $157,000 for a critical exploit chain in an unspecified component. It's also half the amount paid out in the entirety of 2021 for Android flaws ($3 million total, across hundreds of exploits), and roughly equal to the sum total of payouts in 2020. So, this is a lot of love for one bug.
That said, the likelihood of seeing a payout that size is a long shot. That's because it would be connected to the last time Google dabbled in big-bucks territory: In 2019, it began offering $1 million to anyone who could hack the Titan M security chip, which is embedded in Google Pixel smartphones. Specifically, it requires a full chain remote code execution exploit with persistence, which compromises the Titan M secure element on Pixel devices.
But so far, that reward has gone unclaimed. Thus, to reel in the $1.5 million on offer, an ethical hacker would need to not only subvert the never-subverted Titan M, but also make sure the exploit works on Android 13 Beta – and only on Android 13 Beta.
The difficulty scale hasn't deterred some. As one bounty hunter tweeted, "BRB going to sell my soul to the hacker gods to get a full remote code execution exploit chain on the Titan M."
All Android 13 Beta Exploits Get a Bump
Google's other rewards for finding an exploitable security vulnerability in Android are also subject to the 50% bonus for Android 13 Beta. Those run anywhere from $75,000 (for a Device Policy Controller bypass or code execution in a privileged process) to $500,000 (for exfiltrating high-value data secured by Titan M). Most rewards clock in at $250,000.
OEM code (libraries and drivers), Digital Car Keys, kernel, boot-loader, Secure Element code, TrustZone OS and apps, system on chip (SoC), MicroController Unit (MCU), Boot ROM, RAM memory, Flash memory, filesystem, Trusted Execution Environment (TEE), radio units, etc., are all considered eligible targets.
