Google Launches Android Hacking Contest

Google announced on Tuesday the launch of a new hacking contest that invites researchers to find serious vulnerabilities and exploit chains in the Android operating system. The search giant is prepared to pay hundreds of thousands of dollars to the winners.

The contest, named “The Project Zero Prize,” will run until March 14, 2017. Participants must find a full exploit chain that allows them to achieve remote code execution on up-to-date Nexus 6P and Nexus 5X devices by knowing only their email address and phone number – the maximum allowed user interaction is opening an email in Gmail or an SMS in Messenger.

The first winning entry will be awarded $200,000, and the second will get $100,000. All the other winning entries will receive at least $50,000. Winners will also be invited to write a short technical report describing the vulnerabilities on the Project Zero blog.

While the Project Zero Prize competition takes place over the course of six months, hackers must not hoard the flaws they find. Each bug in the chain must be submitted to the Android issue tracker as soon as possible to ensure that it’s not reported by someone else first, as only the first person to file a vulnerability can use it as part of their exploit.

“Our main motivation is to gain information about how these bugs and exploits work,” explained Natalie Silvanovich of Google’s Project Zero team. “There are often rumours of remote Android exploits, but it’s fairly rare to see one in action. We’re hoping this contest will improve the public body of knowledge on these types of exploits. Hopefully this will teach us what components these issues can exist in, how security mitigations are bypassed and other information that could help protect against these types of bugs.”

Another reason for running the contest, Silvanovich said, is to fix potentially dangerous Android vulnerabilities so that they don’t impact users. The search giant also hopes to gather some statistical data on the availability of these exploits.

Entries that don’t win any prizes as part of the competition can still qualify for a reward in the regular Android bug bounty program. In June, after paying out more than half a million dollars, Google announced that it increased Android bug bounty payouts to a maximum of $50,000 per submission.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
