Google Announces $1M+ Bounty
Google is willing to award up to $1.5 million to hackers who can successfully hack its Titan M security chip on the company’s Pixel devices as part of an expansion of its Android bug-bounty program unveiled this week. Google already has paid out more than $4 million in 1,800 reports to those who've identified vulnerabilities on the platform.
The expansion of the program focus on Google's own technology rather than the greater ecosystem, with the company offering a significant prize for hackers to test the security of its Titan security chip on it's forthcoming versions of Android.
Google introduced Titan M in its Pixel 3 smartphone released last year. The chip adds deep, device-level protection to separate the most sensitive data stored on the Pixel from its main processor, which can protect it from certain types of attacks. Google also integrated Titan M in its Android security-key technology, releasing the Titan Security Key in August 2018. The technology is a USB dongle that offers an added layer of security features for Google accounts, such as two-factor authentication and protections from phishing attacks.
Earlier this month, Google announced an alliance with three endpoint security companies to help prevent the spread of malware on the ecosystem of Android mobile devices. That move came after years of unsuccessfully battling malware and bad apps in the Google Play store and on more than 2.5 billion Android devices. The Titan Security Key itself was even a victim of Google’s persistent security woes. In May the company recalled Bluetooth versions of the device after finding a vulnerability that allows attackers in close proximity to take control of the device.