Google is ready to pay close to 10 crores to security researches or anyone for that matter who can find and remove bugs in Pixel smartphones including Pixel 4. The company will pay this money if they are successful in finding the vulnerability in these devices. The winner will also receive a 50 percent bonus from Google in addition to the prize money of 7.1 crores.
The task is not as easy as it sounds as the researchers will have to look for bugs in each of the given developer previews for Android. This bounty program by Google will reward only the person who is able to hijack Google’s Titan M ‘secure element.’ which is very similar to Apple’s ‘iPhone Secure Elementa’. The Titan M is basically a chip which scans for incoming hackers who are trying to access the user’s Android device, so getting past it needs major efforts.
Google has tagged this new reward program as ‘Full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.’ The company says that they will reward extra for a full exploit chain with multiple vulnerabilities chained together that demonstrates arbitrary code execution, data exfiltration, or a lockscreen bypass.
The security flaws seems to have come out of the work of researchers from cybersecurity firm Checkmarx who claimed that the camera on Pixel phones were able to spy on the users where the hackers could easily control the App that is used for clicking pictures and taking videos on the phone.