American multinational technology company Google has said that it will pay $200,000 to hackers who can find a bug in their mobile operating system Android. The news comes days after a malware called “Judy” hit over 36.5 million Android- based phones.
Android is known for its poor security issues, especially with the older versions of the OS. A number of malicious apps were downloaded between 4.5 million to 18.5 million times from Google Play Store. It has been found out that some of these malware-affected apps have been residing on the online store for several years.
“Judy” is one among many malwares that show how a free and open mobile OS can be destroyed by malicious app creators. The malware was founded by a security research firm CheckPoint, as per Deccan Chronicle.
Over the past couple of years, we have seen various tech giants such as Microsoft, Apple, Facebook, etc paying out millions of dollars in bug bounty programs. In such programs, security researchers or hackers who can demonstrate an exploit, wins the cash prize, the figure of which depends on the severity of the hack.
In 2015, Google started the bug bounty program for Android. Since then, the value of the reward has risen from $50,000 to $200,000.
The increased cash prize applies to two bounties – one for vulnerabilities in Verified Boots or TrustZone, and the other for a remote Linux kernel exploit. Among them, TrustZone is a matter of more serious concern than the Linux exploit.
TrustZone is a chipset related technology, which ensures biometric data, DRM and boot settings are kept in a trusted secure environment. Meanwhile, Verified Boot is software related, which ensures that the OS has not been tampered everytime a device starts up.
It is also believed that the search-engine company will also increase the reward price if it again fails to get to a working exploit for the operating system’s core components.
