Google has agreed to pay $1 million to any hacker who bypasses the security of the Titan M processor on Pixel smartphones. A large cash prize will be awarded to a cyber specialist who has created a complete exploit chain with remote code execution for a specialized chip.
Moreover, the Android Security Rewards program provides an additional bonus of 50% for finding critical vulnerabilities in individual versions of Android for developers. Thus, the total amount of remuneration can reach $1.5 million.
Titan M was first installed in Pixel 3, released in 2018. The module is entirely responsible for device security – for protecting the primary processor, accounts and application data, as well as encrypting the drive and the integrity of the operating system.
In addition to the Titan M hacking award, the company added new exploit categories to its Android Security Rewards program, launched in 2015. The prize for detecting these vulnerabilities, including data exfiltration and bypassing screen locking, amounts to $500,000. Details of the contest are available on Google’s website.
In 2019, the company paid $1.5 million for Android bugs, large and small, and more than $4 million over the past four years. This year’s average reward was $15,000. The largest payment – $161,337 – went to a specialist who created a chain of exploits with remote code execution on Pixel 3.