Google offers million-dollar bug bounty reward

News
By
published

Search giant raises bug bounty payouts to help secure its Titan M chip

Cyber security. Data protection concept. Banking security. Hands touching digital icon padlock and network connection on mobile smartphone, virtual interface screen. - Image
(Image credit: Shutterstock)

In an effort to help improve the security of its Pixel smartphones, Google has announced that it has raised its bug bounty rewards from $200,000 to a maximum of $1.5m.

The new rewards will be available to security researchers and white-hat hackers who are able to successfully hack the Titan M security chip found in the company's Pixel devices.

In a recent blog post, Google revealed that it increased the payouts for its Android Security Rewards and that it has already paid out over $4m in bug bounties as a result of 1,800 reports from those who were able to identify vulnerabilities on its platform.

Jessica Lin from the Android Security Team explained how the company is expanding the program to also include developer preview versions of Android, saying:

“We are introducing a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices. Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million.”

Titan M chip

Google first introduced its Titan M chip with the release of the Pixel 3 smartphone last year. The chip itself adds deep, device-level protection in order to separate the most sensitive data stored on Pixel smartphones from their main processor to help protect against certain types of attacks.

The Titan M chip can also be found in the search giant's Titan Security Key which can be used to help secure user accounts on Android, Chrome OS, macOS and Windows.

Google has also expanded its bug bounty rewards to cover other critical device security areas such as data exfiltration and lockscreen bypass and depending on the exploit category, these rewards can go up to $500k.

The company first created the Android bug bounty program back in 2015 but its scope has been increased in recent years as Google tries to clamp down on malicious apps in the Google Play Store and other threats to the Android ecosystem as a whole.

Via Threat Post

TOPICS
Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home. 

Latest in Security
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Woman using iMessage on iPhone
UK government guidelines remove encryption advice following Apple backdoor spat
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Wordpress brand logo on computer screen. Man typing on the keyboard.
Thousands of WordPress sites targeted with malicious plugin backdoor attacks
HTTPS in a browser address bar
Malicious "polymorphic" Chrome extensions can mimic other tools to trick victims
ransomware avast
Hackers spotted using unsecured webcam to launch cyberattack
Latest in News
ChatGPT vs Gemini comparison
I compared GPT-4.5 to Gemini 2.0 Flash and the results surprised me
Apple iPhone 16 Plus
Apple officially delays the AI-infused Siri and admits, ‘It’s going to take us longer than we thought’
The Meta Quest Pro on its charging pad on a desk, in front of a window with the curtain closed
Samsung, Apple and Meta want to use OLED in their next VR headsets – but only Meta has a plan to make it cheap
AMD Ryzen 9000 3D chips
AMD officially announces price and release date for Ryzen 9 9900X3D and 9950X3D processors
Google Pixel 9
There's something strange going on with Google Pixel phone vibrations after the latest update
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
More about security
Woman shocked by online scam, holding her credit card outside

Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
Cryptocurrencies

Ransomware’s favorite Russian crypto exchange seized by law enforcement
The Asus ROG Harpe Ace Mini gaming mouse on a table

The Asus ROG Harpe Ace Mini might be small, but few mice have impressed me this much
See more latest
Most Popular
Woman shocked by online scam, holding her credit card outside
Cybercriminals used vendor backdoor to steal almost $600,000 of Taylor Swift tickets
ChatGPT vs Gemini comparison
I compared GPT-4.5 to Gemini 2.0 Flash and the results surprised me
Brother HL-L2865DW during our review process
Brother denies claims it locked down third-party printer ink cartridges via forced firmware updates
Telo MT1
The anti-Cybertruck? This new electric pick-up is the size of a Mini and the cutest way to haul your gear
Apple iPhone 16 Plus
Apple officially delays the AI-infused Siri and admits, ‘It’s going to take us longer than we thought’
AMD Ryzen 9000 3D chips
AMD officially announces price and release date for Ryzen 9 9900X3D and 9950X3D processors
Microtik RDS2216 data server
This is Amazon's first foray in servers, and certainly not the last: MicroTik franken-router is powered by the AWS Graviton 1 Arm CPU
The Meta Quest Pro on its charging pad on a desk, in front of a window with the curtain closed
Samsung, Apple and Meta want to use OLED in their next VR headsets – but only Meta has a plan to make it cheap
Cryptocurrencies
Ransomware’s favorite Russian crypto exchange seized by law enforcement
Google Pixel 9
There's something strange going on with Google Pixel phone vibrations after the latest update