Category Archives: bug bounty

Google ups bug bounties for Android flaws, exploits

Google has expanded the Android Security Rewards (ASR) program and increased the bug bounties it’s willing to award for certain kinds of exploits. About the Android Security Rewards Program ASR covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets, which are currently Pixel 4, Pixel 3a and Pixel 3a XL, and Pixel 3 and Pixel 3 XL. “Eligible bugs include those in AOSP code, OEM code (libraries and drivers), … More

The post Google ups bug bounties for Android flaws, exploits appeared first on Help Net Security.

Google will pay up to $1.5m for full chain RCE for Android on Titan M chips

Google announced that it will increase bug bounty rewards for Android, it will pay up to $1.5 million for bugs that allow to hack new Titan M security chip.

At the end of 2018, Google announced its Titan M dedicated security chip that is currently installed on Google Pixel 3 and Pixel 4 devices. The chip was designed to process sensitive data and processes, include Verified Boot, on-device disk encryption, and secure transactions.

Now Google announced that it will pay up to $1 million white hat hackers that will devise “a full chain remote code execution exploit with persistence.”

The bug hunters can receive up to $1.5 million for reporting exploit chain working against a preview version of the Android OS.

The decision of Google to increase bug bounty payouts is the response of the tech giant to bug bounty programs operated by zero-day brokers like Zerodium that are offering greater rewards for similar issues. In September, Zerodium has updated the price list for both Android and iOS exploits, with Android ones having surpassed the iOS ones for the first time.

A zero-click exploit chain for Android would be rewarded with up to $2.5 million, while an exploit chain for iOS only $2 million.

“Android security is improving with every new release of the OS thanks to the security teams of Google and Samsung, so it became very hard and time consuming to develop full chains of exploits for Android and it’s even harder to develop zero click exploits not requiring any user interaction,” explained Zerodium’s CEO Chaouki Bekrar.

Below the definition for full exploit chain provided by Google.

“We will reward extra for a full exploit chain (typically multiple vulnerabilities chained together) that demonstrates arbitrary code execution, data exfiltration, or a lockscreen bypass.” reads the Android Security Rewards Program Rules. “The actual reward amount is at the discretion of the rewards committee and depends on a number of factors, including (but not limited to):

  • Whether there is a detailed writeup describing how the exploit works.
  • The initial attack vector (ie. remote exploitation versus local).
  • Whether the exploit is device- or build-specific, or whether it works across a broad set of builds and devices.
  • The amount of user interaction required for the exploit to work.
  • Whether the user could feasibly detect that an exploit is in progress or has completed.
  • How reliable the exploit is.
  • Exploits chains found on specific developer preview versions of Android are eligible for up to an additional 50% reward bonus.

Below the maximum exploit rewards for each type of exploit:

Code execution reward amounts

DescriptionMaximum Reward
Pixel Titan MUp to $1,000,000
Secure ElementUp to $250,000
Trusted Execution EnvironmentUp to $250,000
KernelUp to $250,000
Privileged ProcessUp to $100,000

The maximum reward for data of high-value data secured by Pixel Titan M is $500,000 while the maximum reward for Lockscreen bypass is up to $100,000.

Additional info is available on Android Security Rewards Program Rules page.

Pierluigi Paganini

(SecurityAffairs – Titan M, Android)

The post Google will pay up to $1.5m for full chain RCE for Android on Titan M chips appeared first on Security Affairs.

GitHub Security Lab aims to make open source software more secure

GitHub, the world’s largest open source code repository and leading software development platform, has launched GitHub Security Lab. “Our team will lead by example, dedicating full-time resources to finding and reporting vulnerabilities in critical open source projects,” said Jamie Cool, VP of Product Management, Security at GitHub. GitHub Security Lab GitHub Security Lab is a program aimed at researchers, maintainers, and companies that want to contribute to the overall security of open source software. Current … More

The post GitHub Security Lab aims to make open source software more secure appeared first on Help Net Security.