Google now offers a US$1 million bounty for Titan M chipset vulnerabilities

Report a verifiable Titan M hack, get up to $1 million. (Source: F3News)

Google's updated Android Security Rewards Program now offers up to six-figure rewards for reporting potential severe exploits that affect its Titan M security module. It applies to such discrepancies that can affect the Pixel 4, 3 and 3a smarphone series. Other similar bounties include up to US$250000 for Secure Element or Trusted Execution Environment hacks.

Deirdre O Donnell, Published 11/23/2019

Google has updated its Android Security Rewards Program so as to integrate the new Pixel 4 and Pixel 4 XL devices, and to refresh the bounties that are offered for executable vulnerabilities that affect the Titan M security chip found in these phones, as well as in the Pixel 3, 3 XL, 3a and 3a XL. smarphone series.

The Mountain View giant's mobile-OS Security Rewards Program's next highest bounty is for up to half a million US dollars, potentially payable to anyone who can bypass existing safeguards to extract high-value data in the presence of the Titan M platform. It offers up to $250000 for the same secured by a Google Secure Element.

Reports of code-executions that affect such an Element are also potentially valued at the same amount, as are those that target Trusted Execution Environments in Android. In addition, there is also up to $100000 for the ability to identify new methods of impugning a phone's lockscreen.

Those aiming to claim such rewards would be best served by writing them up in full, as well as the ability to define and characterize them properly. This includes criteria such as whether the vulnerability in question is device-agnostic or not; whether the attack vector has been nominated correctly; the exploit's reproducibility and what must be done to take advantage of it.

Source(s)

Google Application Security

The revamped bounty is open to all, with bigger rewards (Image source: Panda Security)

Apple Security Bounty revamped: now invitation-free, with bigger rewards 12/21/2019

The illegal streaming websites iStreamItAll and Jetflicks have been shut down by the FBI and DoJ. (Image: iStreamItAll splash page)

FBI shuts down 2 illegal streaming sites, one of which is bigger than Netflix, Amazon Prime, and Hulu combined 12/16/2019

Several Ring home cameras breached, recycled passwords likely to blame 12/16/2019

The Communication Limits feature in iOS 13.3 can easily be bypassed. (Image via Apple)

New bug in iOS 13.3 allows kids to circumvent Communication Limits parental controls 12/14/2019

The new Gimdow smart lock. (Source: Gimdow)

The new Gimdow smart lock does not require a door teardown to install it 12/10/2019

Google Photos may get more like messaging apps in the future. (Source: Google)

Google introduces a new setting for more private, direct-to-contact photo sharing 12/04/2019

Google founders Larry Page and Sergey Brin are stepping down their respective roles as CEO and President of Alphabet. (Source: Getty)

Larry Page, Sergey Brin step down from Alphabet, Sundar Pichai takes over the reins 12/04/2019

A new Google Messages update has a new setting. (Source: Google)

Google's Messages app gains a new ability to protect against phishing 11/30/2019

Google has some offers for Black Friday. (Source: Google)

Google's Black Friday sale makes its Pixel prices look much more reasonable 11/29/2019

YI partners with Home Depot for its Black Friday outdoor camera sale 11/27/2019

Get about 30% off Reolink's best-rated, PoE or wireless security cameras 11/26/2019

OnePlus has admitted that a third party may have made off with its customer data. (Source: DigitalTrends)

OnePlus reports a data security breach that affects its customers 11/23/2019

Lenovo busted for secretly paying cybersecurity "influencers" to promote ThinkShield 11/21/2019

Some more Qualcomm 9205 LTE modem specs. (Source: Qualcomm)

AT&T approves Qualcomm’s new 9205 LTE modem for its IoT bands 11/20/2019

Google Camera could have been used for some extremely shady hacking activities. (Source: XDA)

The cameras on "hundreds of millions" of Android phones could have been hijacked 11/19/2019

The Samsung Galaxy S10 5G. (Source: Twitter)

The Samsung Galaxy S10 5G adds 3D face-unlocking to its security options 11/10/2019

The Samsung Galaxy Tab S6. (Source: Samsung)

The Samsung Galaxy Tab S6 gets the November 2019 security patch 11/08/2019

The daily average use of DuckDuckGo since 2010 has grown exponentially. Image via DuckDuckGo

DuckDuckGo, the privacy-focused search engine, hits 50 million daily searches 11/06/2019

Hackers target legacy Windows PCs to mine crypto via BlueKeep exploit 11/06/2019

November 2019 Android security update now available for Pixel phones, but not the original Pixel 11/04/2019

Loading Comments

Comment on this article

OnePlus reports a data security bre...

New Samsung Galaxy S11e renders sho...

Deirdre O Donnell - Senior Tech Writer - 6335 articles published on Notebookcheck since 2018

I became a professional writer and editor shortly after graduation. My degrees are in biomedical sciences; however, they led to some experience in the biotech area, which convinced me of its potential to revolutionize our health, environment and lives in general. This developed into an all-consuming interest in more aspects of tech over time: I can never write enough on the latest electronics, gadgets and innovations. My other interests include imaging, astronomy, and streaming all the things. Oh, and coffee.

contact me via: LinkedIn

Please share our article, every link counts!

.170

> Notebook / Laptop Reviews and News > News > News Archive > Newsarchive 2019 11 > Google now offers a US$1 million bounty for Titan M chipset vulnerabilities

Deirdre O Donnell, 2019-11-23 (Update: 2019-11-23)

Google now offers a US$1 million bounty for Titan M chipset vulnerabilities

Source(s)

Related Articles