Google offers a bug bounty of $1.5M on their Titan M chip

Keeper
5 years ago

0

https://security.googleblog.com/2019/11/expanding-android-security-rewards.html

A full chain remote code execution vulnerability will now be rewarded with up to $1.5M.

The chip is meant to address boot-time attacks as well as brute-force attempts and others. It’s basically a tamper-resistant hardware that has its own private storage, its own private RAM, its own private processing. If we consider side-channels as attacks of last resort, consider them obsolete with Titan M.

Anyhow, $1.5M is crazy. Do you think anyone will qualify for the full prize?

f0rk [HackingGuy]
5 years ago

0

Yeah didn’t you hear? @dloser already took the spoils :P

There’s no place like 127.0.0.1

Smyler [WHGhost]
5 years ago

0

The hardware required to reverse enginer this chip is probably very expensive on its own, so they probably really need to put some money in line to attract the right people. It’s also a way of advertising their product, “Look, we promised $1.5M but even the best were not able to hack it”.
But if there is one thing I learnt, it’s that companies challenging hackers and researchers are always loosing, so I’m confident someone will find a flaw. It’s still Google tho, they know what they are doing when it comes to bounties.

dloser
5 years ago

0

They are not really *losing, though. They either get to claim they are secure because “see bounty” or they have paid a smart person/team to find a very critical issue.