Bug hunters fail third year in a row to get top prize in Android hacking program

Bug hunters fail third year in a row to get top prize in Android hacking program 1

Security researchers have failed to win the top reward in Google’s Android bug bounty program once again. This is the third year in a row bug hunters fail to win the largest prize Google is willing to pay for any type of security-related bug.

Anyone who would have submitted a successful submission for a remote exploit chain leading to a TrustZone or Verified Boot compromise on an Android device could have earned up to $200,000, according to the Android Security Rewards, the name of Google’s Android bug bounty program.

Also: Tens of iOS apps caught collecting and selling location data

Over the years, researchers have found it very difficult to put together remote exploit chains that could compromise TrustZone or Verified Boot, two of the Android OS’ most powerful security features.

Coinbase 3

Google offered meager rewards in the program’s first year, in 2015, but seeing that researchers weren’t coming up with remote exploits against TrustZone or Verified Boot, the company increased rewards to $50,000 in June 2016, and then to $200,000 last year, in June 2017.

Project Zero, Google’s in-house team of security researchers, also held their own separate contest between September 2016 and March 2017, during which they also offered a $200,000 reward for the same type of remote Android hack, but nobody managed to claim that prize either.

TechRepublic: Google’s Android Things is here, boosting security for enterprise IoT deployments

But despite failing to gain the top prize in Google’s Android bug bounty, researchers were extremely prodigious in finding other security flaws. In a blog post today, Google said that since the program’s launch in 2015, the company paid over $3 million in rewards, with roughly $1 million per year.

In a retrospective of the past year, Jason Woloz and Mayank Jain of the Android Security & Privacy Team said 99 different bug hunters submitted 470 vulnerability reports in the past year.

The average payout per approved bug report was $2,600, while the average payout per researcher was $12,500, up 23 percent compared to last year.

This year’s highest bug payout went to Guang Gong, a Chinese security researcher with Alpha Team at Qihoo 360 Technology Co. Ltd., who received $105,000 for a remote exploit chain formed of two vulnerabilities (CVE-2017-5116 and CVE-2017-14904) against a Google Pixel device. To date, this is Google’s highest payout for an Android bug.

CNET: Best Android Apps for 2018

But bug hunters were also successful in another Android-related bug bounty program, which is the Google Play Security Reward Program.

Launched last year in October, this program rewards researchers who find bugs in popular third-party Android apps. Google said it accepted 30 bug reports in the past year and paid a combined bounty amount of over $100,000.

Last but not least, similar to last year, Google also published today a list of 250 Android smartphone models that are currently running a version of the Android OS running a security update from the last 90 days.

Google started publishing this list last year in an effort to recognize phone makers who keep their devices up to date, and also provide a guiding list for users who want to purchase a device that regularly receives security updates.

This year’s list includes devices from makers such as ANS, ASUS, BlackBerry, Blu, bq, Docomo, Essential, Fujitsu, General Mobile, HTC, Huawei, Itel, Kyocera, Lanix, Lava, LGE, Motorola, Nokia, OnePlus, Oppo, Positivo, Samsung, Sharp, Sony, Tecno, Vestel, Vivo, Vodafone, Xiaomi, ZTE, and, of course, Google itself.

Related coverage:

Bug hunters fail third year in a row to get top prize in Android hacking program 2
About the author

E-Crypto News was developed to assist all cryptocurrency investors in developing profitable cryptocurrency portfolios through the provision of timely and much-needed information. Investments in cryptocurrency require a level of detail, sensitivity, and accuracy that isn’t required in any other market and as such, we’ve developed our databases to help fill in information gaps.

Related Posts

Leave a Reply

E-Crypto News Executive Interviews



bitcoin
Bitcoin (BTC) $ 33,703.00
ethereum
Ethereum (ETH) $ 1,971.11
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 296.13
cardano
Cardano (ADA) $ 1.25
dogecoin
Dogecoin (DOGE) $ 0.236763
xrp
XRP (XRP) $ 0.640794
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 15.86
binance-usd
Binance USD (BUSD) $ 1.00
USD
EUR
GBP
bitcoinBitcoin (BTC)
$ 33,703.00
ethereumEthereum (ETH)
$ 1,971.11
tetherTether (USDT)
$ 1.00
bitcoin-cashBitcoin Cash (BCH)
$ 473.05
litecoinLitecoin (LTC)
$ 128.86
bitcoinBitcoin (BTC)
28.315,74
ethereumEthereum (ETH)
1.656,04
tetherTether (USDT)
0,840155
bitcoin-cashBitcoin Cash (BCH)
397,44
litecoinLitecoin (LTC)
108,26
bitcoinBitcoin (BTC)
24,233.97
ethereumEthereum (ETH)
1,417.32
tetherTether (USDT)
0.719045
bitcoin-cashBitcoin Cash (BCH)
340.14
litecoinLitecoin (LTC)
92.66

Automated trading with HaasBot Crypto Trading Bots

Crypto Scams

What Role Do Cryptocurrencies Play In The Era Of Ransomware Attacks?
June 9, 2021
Crypto Scams On The Rise As Market Enters Bull Cycle
Crypto Scams On The Rise As Market Enters Bull Cycle
December 22, 2020
Harpreet Singh Sahni perpetrated the Plus Gold Union Coin (PGUC) scam
Sydney Concert Promoter Harpreet Sahni Involved In $50M Crypto PGUC Scam
November 2, 2020
KuCoin hackers steal $150 million
KuCoin Exchange Hacked But Insurance Will Cover The Stolen $150M
September 29, 2020
Mining City insists that it is legit
Mining City Refutes Claims By Philippines SEC Of Being A Scam
September 23, 2020

Blockchain/Cryptocurrency Questions and Answers

What Is Plethori Platform And How Does It Work?
June 12, 2021
What Is The Fudge Token?
What Is The Fudge Token?
June 5, 2021
What Is Shiba Inu (SHIB) Cryptocurrency And How Does It Work?
What Is Shiba Inu (SHIB) Cryptocurrency And How Does It Work?
May 31, 2021
What Is PancakeSwap And How Does It Work?
What Is PancakeSwap And How Does It Work?
May 27, 2021
How Has Internet Computer (ICP) Become A Top-10 Crypto?
How did “Internet Computer Coin”(ICP) Become A Top-5 Crypto?
May 19, 2021


CryptoCurrencyUSDChange 1hChange 24hChange 7d
Bitcoin33,662 0.79 % 4.40 % 12.16 %
Ethereum1,968.3 1.07 % 5.66 % 16.80 %
Tether1.000 0.12 % 5.35 % 0.31 %
Binance Coin297.71 2.13 % 14.42 % 14.07 %
Cardano1.250 1.64 % 9.76 % 15.38 %
Dogecoin0.2360 1.78 % 25.01 % 23.18 %
XRP0.6466 1.88 % 19.71 % 22.64 %
USD Coin1.000 0.25 % 0.45 % 0.29 %
Polkadot15.82 0.86 % 11.10 % 30.73 %
Binance USD1.000 0.16 % 0.42 % 0.24 %

bitcoin
Bitcoin (BTC) $ 33,703.00
ethereum
Ethereum (ETH) $ 1,971.11
tether
Tether (USDT) $ 1.00
binance-coin
Binance Coin (BNB) $ 296.13
cardano
Cardano (ADA) $ 1.25
dogecoin
Dogecoin (DOGE) $ 0.236763
xrp
XRP (XRP) $ 0.640794
usd-coin
USD Coin (USDC) $ 1.00
polkadot
Polkadot (DOT) $ 15.86
binance-usd
Binance USD (BUSD) $ 1.00