Google offers up to $1.5 million bounty for remotely hacking Titan M chip

v

With its latest announcement to increase bug bounty rewards for finding and reporting critical vulnerabilities in the Android operating system, Google yesterday set up a new challenging level for hackers that could let them win a bounty of up to $1.5 million.

Starting today, Google will pay $1 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices,” the tech giant said in a blog post published on Thursday.

Moreover, if someone manages to achieve the same in the developer preview versions of Android, Google will pay an additional $500,000, making the total to $1.5 million—that’s 7.5 times more than the previous top Android reward.

Introduced within the Pixel 3 smartphones last year, Google’s Titan M secure element is a dedicated security chip that sits alongside the main processor, primarily designed to protect devices against the boot-time attacks.

In other words, Titan M chip is a separate hardware component to Android Verified Boot that also takes care of sensitive data, lock-screen passcode verification, factory-reset policies, private keys, and also offers secure API for critical operations…

http://feedproxy.google.com/~r/TheHackersNews/~3/xzBgGf23waY/google-pixel-titan-m-chip.html

Leave a Reply