From September 20, 2016 until March 14, 2017, Google is launching its Project Zero Security Contest that will offer cash prizes to contestants able to hack a Nexus 6P and 5X given only the device's phone number and email address.
Google is asking those interested in competing to focus on vulnerabilities that would allow attackers to perform remote code execution on multiple Android devices. To make the exploit happen, a user can open an email in Gmail or an SMS in Messenger, but no other interaction beyond that is permitted. Contestants must use the same bug on both Nexus devices, unless it utilizes a security feature one smartphone has that the other does not. In that case, two unique vulnerabilities may be used.
During the contest, Google hopes to discover new bugs. And since it’s more than a bug bounty program, it will take a more detailed look at how exploits work, and gather information on how to protect its devices from similar vulnerabilities. The contest mechanics also note that only the first person who submits a particular bug can use it.
The search giant asks participants not to wait until the last minute to submit their bugs, but rather to use the Android issue tracker to enter them as they’re found. They do not need to be a full vulnerability chain. These entries can be used as part of contest submission during the six months.
The winning entry will receive $200,000, with second place getting $100,000, and a third prize worth $50,000. Additionally, winners will write a technical report detailing their entry, which will be featured on the Project Zero blog.
When the contest concludes, the winning vulnerabilities and exploits will all be publicly disclosed.
Source: CNet
Advertisement
Learn more about Electronic Products Magazine
