Hacking contests have always been a key to new innovations in this techno world. By these competitions, companies get to know the flaws in their software or operating systems so as to make them more secure. The latest hacking contest came in sight is launched by Google Project Zero team to find the critical security flaws in Android OS. The company announced a cash prize of USD 200,000 for the winner.
Natalie Silvanovich, Project Zero Exploit Enthusiast, stated in a blog post that, “According to the team, the goal of this contest is to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices' phone number and email address”. Project Zero was basically started in 2014, and the team working for it is of security researchers, who works for zero-day exploits, so that they can pull their socks up before any mishappening.
Talking about the contest structure, it is a bit different this time. The participants do not have to keep waiting for the whole bug chain to form. After the initial entry, the participant can work on it anytime during the 6-month time period.
The bug reported by any participant can only be used by that participant later on. Every participant has to submit a full report of their work and that report will eventually be published on the company’s official blog.
The company has also made clear that every vulnerability and winning will be announced publically. Apart from the winning personality, the firm will offer a second price of USD 100,000 and USD 50,000 among other entrants.
Currently, there is already a Bug Bounty program working on the internet dubbed as Google Security Reward Program for all of its products, and a specific Android Security Rewards Program had also been introduced in June last year. As per the reports revealed by the company, an amount of USD 550,000 has already been paid out to the researchers since the program starting, which is increasing day-by-day.
So, why is the company starting a separate hacking program? On this, Silvanovich said, “Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests. Hoping to continue the stream of great bugs, we've decided to start our own contest: The Project Zero Prize.”
“Our main motivation is to gain information about how these bugs and exploits work. There are often rumours of remote Android exploits, but it's fairly rare to see one in action. We're hoping this contest will improve the public body of knowledge on these types of exploits. Hopefully, this will teach us what components these issues can exist in, how security mitigations are bypassed and other information that could help protect against these types of bugs... Also, we're hoping to get dangerous bugs fixed so they don't impact users. Contests often lead to types of bugs that are less commonly reported getting fixed, so we're hoping this contest leads to at least a few bugs being fixed in Android.” Silvanovich later added.