Published in News

Google invites hackers to take down Titan

by on22 November 2019

Worth $1.5 million if you can find your own head of Medusa

Google announced today that it is willing to dish out bug bounty cash rewards of up to $1.5 million if security researchers find and report bugs in the Android operating system that can also compromise its new Titan M security chip.

The Titan M chip is currently part of Google Pixel 3 and Pixel 4 devices. It's a separate chip that's included in both phones and is dedicated solely to processing sensitive data and processes, like Verified Boot, on-device disk encryption, lock screen protections, secure transactions, and more.

Google says that if researchers manage to find "a full chain remote code execution exploit with persistence" that also compromises data protected by Titan M, they are willing to pay up to $1 million to the bug hunter who finds it. If the exploit chain works against a preview version of the Android OS, the reward can go up to $1.5 million.

Google introduced its Titan Key last month and it's widely available for purchase in the US through the company's Google Store. Almost any modern browser and mobile device, as well as services such as Dropbox, Twitter, Facebook, Salesforce, Stripe support the Titan Key. It's Google's take on a Fast Identity Online key, a physical device used to authenticate logins over Bluetooth.

It costs $50, you'll get a USB security key and a Bluetooth security key as well as a USB-C to USB-A adapter and a USB-C to USB-A connecting cable.


Last modified on 22 November 2019
Rate this item
(0 votes)

Read more about: