Google Paid $112,500 To a Security Engineer For Finding an Android Bug
Google has best security minds from across the globe in their security team. But humans often make mistakes, that’s why they have Google Vulnerability Reward Program.
Google is known for its Bug Bounty programs that reward hackers, security researchers and engineers for discovering bugs and loopholes in its wide range of products which include Android OS, Chrome, Office suite and more. Google is putting up $1 million for anyone who can crack its web browser and become a security threat.
According to latest reports, Google paid big money to a security researcher that managed to uncover a nasty exploit in its Pixel smartphone last year.
Getting into details, In a recent announcement on Wednesday, the company said that it paid $112,500 to a bug bounty hacker for reporting an exploit chain that could be used to hack into a Pixel device.
Guang Gong, a security engineer from Qihoo 360 Technology’s Alpha Team discovered a chain of exploits that could have been used to take advantage of the company’s latest Android flagship smartphone, Pixel. He submitted a report to Google through the Android Security Rewards (ASR) program, which includes details about the bugs he discovered.
His findings include information about two separate bugs. These bugs could together be used to remotely inject code into the Pixel, or any other Android’s, system_server process when the user clicks a malicious URL in Chrome. Once that happens, a hacker could take control to run additional malware, spy on them, or even hijack the smartphone entirely.
His report earned him a whopping sum of $105,000. He also received $7,500 as a bonus. Google mentioned that it’s the first working remote exploit chain it’s received under the rewards program till date. The announcement was safe to make now as Google has already patched the bug in December’s security update, along with 41 others.
Also Read: Hackers Can Use Siri, Alexa and Google Now To Take Control Of Your Devices Remotely.
Why the huge cash prize?
Bug Bounties help them to identify and maintain their security flaws and patch all the vulnerabilities they may not otherwise have found. In this way, they can secure their products by rewarding hackers who try to hack their products. With such reward programs, they balance developers and hackers parallelly who can create and exploit their products.
Almost all the major companies like Facebook, Microsoft and Apple encourage security engineers to breach the security of their products and reward them for their findings.
Did You Know?
Google’s bug bounty program has so far awarded researchers over $1.5 million to date, with one team having earned the highest total of $300,000 so far for 118 different reports.
If you are interested in knowing more about how Google protects your data, here is a video tour of a Google data centre that highlights the security and data protections that are in place at Google’s data centres.