Notebookcheck

Google now offers a US$1 million bounty for Titan M chipset vulnerabilities

Report a verifiable Titan M hack, get up to $1 million. (Source: F3News)
Report a verifiable Titan M hack, get up to $1 million. (Source: F3News)
Google's updated Android Security Rewards Program now offers up to six-figure rewards for reporting potential severe exploits that affect its Titan M security module. It applies to such discrepancies that can affect the Pixel 4, 3 and 3a smarphone series. Other similar bounties include up to US$250000 for Secure Element or Trusted Execution Environment hacks.

Google has updated its Android Security Rewards Program so as to integrate the new Pixel 4 and Pixel 4 XL devices, and to refresh the bounties that are offered for executable vulnerabilities that affect the Titan M security chip found in these phones, as well as in the Pixel 3, 3 XL, 3a and 3a XL. smarphone series.

The Mountain View giant's mobile-OS Security Rewards Program's next highest bounty is for up to half a million US dollars, potentially payable to anyone who can bypass existing safeguards to extract high-value data in the presence of the Titan M platform. It offers up to $250000 for the same secured by a Google Secure Element. 

Reports of code-executions that affect such an Element are also potentially valued at the same amount, as are those that target Trusted Execution Environments in Android. In addition, there is also up to $100000 for the ability to identify new methods of impugning a phone's lockscreen.

Those aiming to claim such rewards would be best served by writing them up in full, as well as the ability to define and characterize them properly. This includes criteria such as whether the vulnerability in question is device-agnostic or not; whether the attack vector has been nominated correctly; the exploit's reproducibility and what must be done to take advantage of it.

static version load dynamic
Loading Comments
Comment on this article
Please share our article, every link counts!
> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 11 > Google now offers a US$1 million bounty for Titan M chipset vulnerabilities
Deirdre O Donnell, 2019-11-23 (Update: 2019-11-23)
Deirdre O'Donnell
I became a professional writer and editor shortly after graduation. My degrees are in biomedical sciences; however, they led to some experience in the biotech area, which convinced me of its potential to revolutionize our health, environment and lives in general. This developed into an all-consuming interest in more aspects of tech over time: I can never write enough on the latest electronics, gadgets and innovations. My other interests include imaging, astronomy, and streaming all the things. Oh, and coffee.