Google is Rewarding $200,000 to Those Who Can Hack Android, Nexus 6P or Nexus 5X

Google is following Apple’s footsteps in the world of security, and if you know your way around Android and possess the skills to hack Android

Then prove it to Google and win some big money. The American tech giant revealed its plans for its hacking competition last month, naming it Project Zero. Project Zero allows individuals and security companies to look for vulnerabilities in the Android operating system and win money for it.

According to Natalie Silvanovich from Google, who said that there are many other programs at Google related to security and hacking, since other companies are also doing it, the results of what they have accomplished from such programs have strengthened their security flaws and this current competition will help improve both the operating system, as well as their flagship phones. The company specifically highlighted the highest award for those hackers who can hack Google’s smartphones, but only by using the target’s email addresses and their phone numbers.

The Rules of the Game

Like any other hacking program, find a major vulnerability, exploit, bug or any other serious problem within the operating system and then publish your findings on a public website. The vulnerability can range form finding and solving Android problems, from as small as factory resetting the phone to advanced problems, such as importing external Android libraries. However, after finding the vulnerabilities, the hackers must share every detail they discovered during their hunt, and only once it has been verified and approved, their discovery will be shared on Google’s public forums.

In addition, the flaw should be found in Google Nexus devices – such as LG Nexus 5X and Huawei’s Nexus 6P – or any of the previous devices running the Android Nougat. Moreover, the more holes you find in their security, the more chances of you ending up on their radar. In addition, the discoveries can be submitted anytime during the six month period.

However, the rewards are distributed in three sections. The first one takes up $200,000, while the second one will get $100,000 and after that, the winners will be given $50,000, but their findings will not be published. In addition, Google further said that if the findings are not submitted within the six month period, then Google might consider the remaining findings for other Google’s upcoming security programs.

Google said the purpose of this project is for Google to open its doors to the security community.

“We are hoping this contest will improve the public body of knowledge on these types of exploits,” says Natalie. “Hopefully this will teach us what components these issues can exist in, how security mitigations are bypassed and other information that could help protect against these types of bugs.”

Furthermore, this program and the reward set is going to decrease the sales of exploits or zero-day vulnerabilities in the black market. According to many online security and research institutions, the market for cyber crime is worth more than a hundred billion on a yearly basis. Moreover, since smartphones have spiked up in the market, the prices of even a small smartphone exploit have increased massively. For instance, a deadly vulnerability for Android can cost anywhere from $20 to $100,000 dollars, or more.

“Finally, we hope that this contest will give us another data point on the availability of these types of exploits,” says Natalie on Google’s Blog. “Also, we are hoping to get dangerous bugs fixed so they don’t impact users. Contests often lead to types of bugs that are less commonly reported getting fixed, so we are hoping this contest leads to at least a few bugs being fixed in Android, happy hunting.”

Source: Google Project Zero, Fossbytes

Leave a Reply