With its latest announcement of increased bug bounty rewards for finding and reporting critical vulnerabilities in the Android operating system, Google yesterday set a challenging new target for hackers that could let them win a bounty of up to $1.5 million.
Starting today, Google will pay $1 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices,” the tech giant said in a blog post published on Thursday.
Moreover, if someone manages to achieve the same in the developer preview versions of Android, Google will pay an additional $500,000, bringing the total to $1.5 million, which is 7.5 times more than the previous top Android reward.
Introduced in the Pixel 3 smartphones last year, Google’s Titan M secure element is a dedicated security chip that sits alongside the main processor, primarily designed to protect devices against boot-time attacks.
In other words, the Titan M chip is a separate hardware component to Android Verified Boot that also takes care of sensitive data, lock-screen passcode verification, factory-reset policies, and private keys, and offers a secure API for critical operations like payment and app transactions.
Considering this, it’s usually tough to find a 1-click remote code execution exploit chain on the Pixel 3 and 4 devices, an