Google Paying Up to $1.5M to Anyone Who Can Hack Its Titan M Chip


The FPS Review
Staff member
May 6, 2019
Calling all bug hunters: Google has announced that it will pay a cash reward of up to $1.5 million to anyone who can outsmart its new Titan M security chip, which is used in the Pixel 3 and Pixel 4 smartphones for processing encryption, lock-screen protections, secure transactions, and other sensitive processes. Those who manage to find a "full chain remote code execution exploit with persistence" get a cool $1M, while an exploit chain that works against a preview version of Android OS gets the top $1.5M prize.

Today's announcement comes as Google also increased bug bounty payouts across the board for the entire Android Vulnerability Rewards Program (VRP). Until today, the maximum vulnerability payout was $200,000 for "a remote exploit chain leading to a TrustZone or Verified Boot compromise." Since the Android VRP's launch in 2015, nobody has earned this top reward, and chances are low that no one will be able to hack Android running on a Titan M chip either.
Thats a good payout.
Pretty cheap in the grand scheme of things. This gets a lot more attention and way more people testing than their internal QA/QC departments could while also probably being cheaper. Still, nice chunk of change for whoever figures it out.
Become a Patron!