Google awarded over USD 112,000 to a Chinese security researcher for reporting an exploit in Google Pixel smartphones.
The Android security team posted in the Google developers forum that Guang Gong of Alpha Team, Qihoo 360 Technology Co. Ltd. had submitted a working remote exploit chain in August 2017. This was the first such exploit since the expansion of Android Security Rewards (ASR) program.
“For his detailed report, Gong was awarded USD 105,000, which is the highest reward in the history of the ASR program and USD 7,500 by Chrome Rewards program for a total of USD 112,500,” Mayank Jain and Scott Roberts wrote for the Android security team.
Gong in a blog post also outlined the bugs he and his team discovered.
The issues reported by Gong and others as well were resolved as part of the December 2017 monthly security update. The company thanked researcher community for their contributions.
All pixel devices will automatically install these updates however the users need to restart their devices to complete the installation.
The internet giants through its Android security rewards program recognises the contributions of security researchers who invest their time and effort in identifying bugs and vulnerabilities. The program covers security vulnerabilities discovered in the latest available Android versions for Pixel phones and tablets. Currently, Pixel 2, Pixel, Pixel XL, Pixel C are the devices under the program.
Last year, rewards were increased under the program. Rewards for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise was increased from USD 50,000 to USD 200,000. Whereas, rewards for a remote kernel exploit increase from USD 30,000 to USD 150,000.
Comments
Post a Comment