Hacking can be quite lucrative business, but the better-compensated hacking careers tend to be on the illegal and immoral side of the tracks. If you’re a top-notch hacker who wants a little spending money without breaking the law, however, Google wants you to try and break into its Nexus 6P and 5X handsets. And it’s stumping up at least $350,000 for “great bugs”.
That bounty is divided into three prize tiers, with the best vulnerability winning $200,000 (around £152,000), the second-best $100,000 (~£76,000) and a third-place bug gets you $50,000 (~£38,000). Entrants have between now and 14 March 2017 to enter.
Your common or garden bugs (by which I mean software faults, rather than taking a break into entomology) already attract rewards from Google through its Android Security Rewards programme, but these can go for anything between $200 and $50,000. By offering a contest with bigger rewards, it seems the company is hoping to attract high-end hackers who won’t get out of bed for less than $100,000.
“Many unique, high-quality security bugs have been discovered as a result of hacking contests,” explains Google’s resident “exploit enthusiast” Natalie Silvanovich on the Project Zero blog. “Hoping to continue the stream of great bugs, we’ve decided to start our own contest: The Project Zero Prize.”
You can read the official rules of entry here, but the gist is this: any bug has to be via a user opening an email in Gmail or an SMS text in messenger, but no further interaction is permitted. You should be able to use the exploit on both handsets, unless it takes advantage of a specific security feature of one handset or the other. You need to file bug reports in the Android issue tracker, and they can be submitted at any time over the duration of the contest. “Only the first person to file a bug can use it as a part of their submission, so file early and file often,” the blog advises.
“Participants will submit a full description of how their exploit works with their submission, which will eventually be published on the Project Zero blog. Every vulnerability and exploit technique used in each winning submission will be made public,” the post adds.
Hopefully any bugs exposed over the duration of the contest will ensure that the 2016 Nexus – rumoured to be the Pixel phone – will be off to a strong start in terms of security.
Thank you for your visit on this page Google launches $200,000 Project Zero bug prize for hacking the Nexus 6P and 5X