Bug hunters fail third year in a row to get top prize in Android hacking program

Security researchers were unable to once again acquire the Android bug's Google bug program first prize. This is the third consecutive year that a bug hunter failed to acquire the maximum price Google can pay for any kind of security bug.

Those who successfully submitted TrustZone's compromise and remote control chain submission for launching on Android-powered devices, according to Android's Android security program, that you can earn the name of Google's Android bug program to $ 200,000 I can do it.

Also, dozens of iOS applications collect and sell location information

For several years researchers discovered that it is very difficult to set up remote operation chains that could threaten TrustZone or Boot Boot, two of the most powerful security features of Android OS. did.

In 2015 Google provided a small fee in the first year of the program but researchers do not provide remote exploits against TrustZone or Verified Boot so we increased the fee to $ 50,000 in June 2017 2016 It was.

Google's internal security team, Project Zero, also undertook its own competition from September 2016 to March 2017 and also provided $ 200,000 in compensation for the same type of Android Android hacking. . .

TechRepublic: Google Android is here to enhance the security of IoT enterprise deployment

However, despite not winning the 1st in Google's Android Bug Bonus, researchers were extremely astounding to look for other security vulnerabilities. In a blog published today, Google says it pays over $ 3 million annually for the year since the program began in 2015.

In the retrospective of the past year, Jason Woloz and Mayank Jain of Android security, the privacy team said 99 different bug hunters submitted 470 vulnerability reports in the past year.

The average payment for approved bug reports was $ 2,600, but the average payout per researcher was $ 12,500, an increase of 23% from last year.

This year, Guang Gong, a Chinese security researcher at the Alpha team of Qihoo 360 Technology Inc., received $ 105,000 on two vulnerable remote control chains (CVE-2017-5116). CVE-2017-14904). ) With the Google Pixel device. So far, this is Google's biggest gains against Android bugs.

CNET: Best Android Apps for …

Hope you like the news Bug hunters fail third year in a row to get top prize in Android hacking program. Stay Tuned For More Updates 🙂

Compsmag