Google’s security analyst team, Project Zero (that works on finding vulnerabilities in the Android system) has announced the launch of its hacking contest to discover flaws in the mobile ecosystem. It is going to offer up to $200,000 in prize money to the first team. The goal is to find a bug chain that can give remote access to multiple Android devices by just knowing their email address or phone numbers.
Google calls it ‘The Project Zero Prize’, and is banking on the prize amount being a motivator for hackers to find flaws in the ecosystem. The first prize in the competition is $200,000; the second prize is $100,000 and the third prize is $50,000. There will be additional awards for winning entries that are able to find flaws in the Google’s operating system. Winners of the competition will be invited by the company to write a technical report on their entry, which will then be posted on the Project Zero Blog.
“This contest will be structured a bit differently than other contests. Instead of saving up bugs until there’s an entire bug chain, and then submitting it to the Project Zero Prize, participants are asked to report the bugs in the Android issue tracker. They can then be used as a part of submission by the participant any time during the six month contest period,” the Project Zero team said in a blog post.
The post also says that the full description of the exploits that are gound by hackers will be published on the Project Zero blog. All vulnerabilities and exploit techniques used in each winning submission will be made public.
Google hopes to improve the public body of knowledge with the contest on remote Android exploits and hopes to fix dangerous bugs that can affect the mobile ecosystem.
Earlier last month, a report from Check Point Software Technologies shared at DEF CON 24 explained how 900 million Android smartphones running Qualcomm chipsets are at risk from a QuadRooter vulnerability. Google has since acknowledged the vulnerability and has been pushing out updates to fix it.
QuadRooter is a set of four vulnerabilities affecting Android devices running on Qualcomm chipsets. Using any of these four vulnerabilities, an attacker can exploit a device by gaining root access to a user’s phone, or trigger privilege escalations.
Many mobile manufacturers have since sent OTA updates fixing the Quadrooter vulnerabilities for users.