Google Pays a Fortune for Ethical Hacker Jobs? What Is the Reason?
If you are good at ethical hacking, Google has a huge reward waiting for you!
The good old bounty hunt is back, and at a whole new level! Google has added a 50% “reward” bonus to the US$1 million on offer to hackers who compromise the Titan M secure element on Pixel devices. The people being rewarded by these big names in technology are not cyber-criminals: they are the hackers who report security problems so that they can be fixed before threat actors can exploit them. For this purpose, Google launched the Vulnerability Reward Programs (VRPs) in 2010.
Vulnerability Reward Programs
The Google VRPs cover numerous product areas and have been expanded continuously in both reach and reward since 2010. As well as Android and Chrome, for example, there is an “Abuse” program that covers what Google refers to as “significant abuse-related methodologies.” An example of the latter is how an attacker might manipulate rating scores for a Google Maps listing without alerting the abuse detection system. The maximum baseline Chrome VRP reward has tripled to US$15,000, but the really big money is to be found within the Android Security VRP.
According to a Google security blog posting that looks at the VRP year in review for 2019, the top prize in this category is US$1 million for a “full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.” Do that on specific Android developer preview versions, and Google has confirmed it will now increase the reward by 50% to US$1.5 million.
Rolling Out the Rewards
There are some genuinely mind-boggling statistics in this yearly VRP review, not least that since 2010, Google has now paid out more than US$21 million in rewards. In 2019 alone, some US$6.5 million in rewards were paid; that’s twice as much as has ever been rewarded in a single year before. Generous hackers donated a record total of US$500,000 in rewards cash to charity, five times as much as in any year before. The single highest reward payout was US$201,000 and a total of 461 hackers received payments from Google across the year. By opening up the Google Play security reward program to cover any app with more than 100 million installs, there was a surge of bug reports that resulted in $650,000 (£500,000) in rewards being paid in the last six months of the year.