Google's Project Zero: Find Bugs In Android And Win $200k

The Google Project Zero team has announced the contest to hack Android, in order to find critical security flaws.

 

If hacking is a passion, then ethical hackers are on the road to win Google Project Zero $200,000 prize, if they manage to hack into the latest Android OS. The aim of this contest announced by the team is "to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices' phone number and email address," in words of Natalie Silvanovich, the Project Zero Exploit enthusiast, who mentioned it on a blog post.

The team Project Zero had been founded in 2014 to find out and patch up security flaws in the Android OS, so that before any other hackers get it, the patches are already there in place.

In order to understand how the contest will play out, one needs to go over some of the major rules of the contest:

  • The contestants do not have to wait for the entire bug chains to form, and their entries can start coming in, and tracked with the Android Issue Tracker. After the initial entry is made, the participants can use this bug anytime as a part of submission over the 6-month period of the competition.
  • Also, a bug reported by a participant can only be used by that participant later on in the contest. They are required to submit full description of how the hack works, and eventually it will be made public by the team Project Zero blog.
  • Apart from the winning entry which will get the prize of $200,000, there will be a $100,000 as the 2nd prize, and there will be a split of $50,000 among other entrants.

One needs to know that Google already has the Android Security Rewards program, which is about reporting bugs on the various Android products. In fact, Google also revealed that it has paid out $550,000 to Android Bug researchers till date after the introduction of the program, and are willing to increase the prize bounty for each of the bugs found.

Then comes the question, why would they need to hold another separate contest for the same? The answer comes from Silvanovich, who said  "Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests. Hoping to continue the stream of great bugs, we've decided to start our own contest: The Project Zero Prize."

She then went on to explain,  "Our main motivation is to gain information about how these bugs and exploits work. There are often rumours of remote Android exploits, but it's fairly rare to see one in action. We're hoping this contest will improve the public body of knowledge on these types of exploits. Hopefully this will teach us what components these issues can exist in, how security mitigation are bypassed and other information that could help protect against these types of bugs... Also, we're hoping to get dangerous bugs fixed so they don't impact users. Contests often lead to types of bugs that are less commonly reported getting fixed, so we're hoping this contest leads to at least a few bugs being fixed in Android."

So, for all those programming bugs out there, here is the chance to grab $200,000 from the Google Project Zero team, and showing some great ethical hacking skills, to the rest of the world.


TAGS: Google, Android, Project Zero, Hacking Contest