Google offers a bug bounty of $1.5M on their Titan M chip

Keeper
5 years ago

0

https://security.googleblog.com/2019/11/expanding-android-security-rewards.html

A full chain remote code execution vulnerability will now be rewarded with up to $1.5M.

The chip is meant to address boot-time attacks as well as brute-force attempts and others. It’s basically a tamper-resistant hardware that has its own private storage, its own private RAM, its own private processing. If we consider side-channels as attacks of last resort, consider them obsolete with Titan M.

Anyhow, $1.5M is crazy. Do you think anyone will qualify for the full prize?

3replies
4voices
275views
f0rk [HackingGuy]
5 years ago

0

Yeah didn’t you hear? @dloser already took the spoils :P

Smyler [WHGhost]
5 years ago

0

The hardware required to reverse enginer this chip is probably very expensive on its own, so they probably really need to put some money in line to attract the right people. It’s also a way of advertising their product, “Look, we promised $1.5M but even the best were not able to hack it”.
But if there is one thing I learnt, it’s that companies challenging hackers and researchers are always loosing, so I’m confident someone will find a flaw. It’s still Google tho, they know what they are doing when it comes to bounties.

dloser
5 years ago

0

They are not really *losing, though. They either get to claim they are secure because “see bounty” or they have paid a smart person/team to find a very critical issue.

You must be logged in to reply to this discussion. Login
1 of 4

This site only uses cookies that are essential for the functionality of this website. Cookies are not used for tracking or marketing purposes.

By using our site, you acknowledge that you have read and understand our Privacy Policy, and Terms of Service.

Dismiss