Google has announced it will pay up to $1.5 million to the hacker who brings its Titan M security chip down to its knees.
The jackpot was disclosed in an update to the company’s Android Security Rewards program, which lists bounties for hacking into the Android operating system, apps, and hardware.
The Titan M is an integrated circuit that tests the integrity of the operating system, encrypts passwords, protects the encryption keys of third-party apps, and prevents firmware updates from unauthorized users. It was added to Google’s Pixel smartphones starting with the Pixel 3.
Google is currently looking for security holes that allow exploits of developer-preview versions of Android. As an incentive, any confirmed hack is rewarded in cold hard cash, with the top prize going to anyone who manages to run a chain of remote exploits demonstrating arbitrary code execution on the Pixel 3 and later smartphones. Other rewards include bypassing the lock screen and data exfiltration. For these hacks, the rewards are more modest – up to $500,000.
Over the past four years, Google has paid out more than $4 million as reward for more than 1,800 reported exploits. In 2019 alone, the company paid $1.5 million to researchers who reported vulnerabilities, averaging $15,000 per successful hack.
As for the Titan M, this mobile chip is among the highest ranked on the market when it comes to internal security. Released in 2018 as an integral part of the Pixel 3, the chip has brought device-level protection to Android devices.
Google also offers the Titan M in the form of a USB stick that can be used with desktop computers and other devices. It’s basically a third layer of security for your Google account, and Google says it can even protect you from phishing attacks.