Skip to main content
Make $1.5 million from Google.

Make $1.5 million from Google.

In true Wild west style Google have offered any crusading hacker $1million bounty to hack Titan M. Introduced as a part of Pixel 3 smartphones last year, Google's Titan M  is a dedicated security chip, designed to protect devices against boot-time attacks.  Google are so confident that they can’t be hacked, they are offering a serious cash incentive to prove it.

So, all anybody can hear is lots of money, google and bounty but what is a bounty when it comes to cybersecurity and more importantly, what is a boot-time attack?

Bug Bounty Programs

The Internet Bug Bounty program rewards friendly hackers, white-hat hackers, who can reveal security vulnerabilities in software that supports the internet stack, with cash. The program is managed by a panel of volunteers selected from the security community. This is becoming a vital point in internet security procedures as currently up to 25% of valid security weaknesses found are deemed to be either high or critical importance.

The Internet Bug bounty system has been so effective that tech giants like Apple and Google also look to spending their money well and attract white-hat hackers to improve their own programs: with Apple at Black Hat and Google announcing a new bug-bounty program directly targeted at killing off data abuse on Google Play Android apps.

Higher rewards are given to more severe vulnerabilities being found.

What is a Boot-time attack?

Boot-time attacks, as the name suggests, happens when you are ‘booting’ or rebooting your computer. When your cellphone is locked and, in your bag, on the table and accessible to hackers, it’s effectively in boot-time. Boot-time attacks have permeated the landscape since 2008 so many hackers and developers have a working knowledge of them.

The good thing about Boot-time attacks is that they need physical access to the computer. The bad thing about boot attacks is that for smartphones, this isn’t really a huge challenge.

Who hasn’t left their cell phone on a table?

Most people don’t know that even with full disk encryption, laptops and smartphones are still liable to security issues, even as smart as the Pixel 3. 

Along came Titan M

Google are confident that they have Boot-time attacks taken care of with a security chip designed exactly for that purpose, the Titan M. The Titan M does have other functions but, in its position, right next to the main processor of the Pixel 3, boot-time attacks, are its nemesis.

The Titan M is effectively an impressive separate hardware component to already existing security on the Pixel 3,  Android Verified Boot which handles private data, passcode verification, factory-reset policies, private keys, and secure APIs for payment and app transactions. 

The googles bounty program will pay $1 million for a "full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices," Google is planning on adding another $500,000 to that if a hacker is able to achieve the same in the developer preview versions of Android. 

The exciting part is not the challenge, but the fact that this bounty is seven times more than the highest Android award in the past.

To date, finding a 1-click remote code execution exploit chain on the Pixel 3 and 4 devices has only been discovered by one cybersecurity researcher who was given just over $160 thousand from the Android Security Rewards program and $40,000 by Chrome Rewards. That has been the highest ever reward for a single exploit chain across all Google VRP programs.

With security becoming a hazard across all verticals, it wouldn’t be surprising if more bounty programs started springing up everywhere.

Subscribe now to the fastest-growing podcast that brining security practitioners together. No sales and buzz words just practical cybersecurity knowledge.