Tue. Nov 24th, 2020

Can You Hack Google’s Titan M Security Chip?

Calling all white hackers.


Your mission, should you choose to accept it, could make you $1.5 million richer.


But only if you can breach Google’s Titan M security chip.


The tech giant recently expanded its bug bounty program, which now includes increased payouts for its Android Security Awards program.


In a blog post published last Thursday, Google said it will “pay a top prize of $1 million for a full chain remote code execution exploit with persistence which compromises the Titan M secure element on Pixel devices.”


“Additionally, we will be launching a specific program offering a 50% bonus for exploits found on specific developer preview versions of Android, meaning our top prize is now $1.5 million.”


Google’s Titan M, which was introduced with the 2018 Pixel 3, is designed to protect devices against boot-time attacks.


According to Brian Barrett at Wired:

“Titan M heads off these boot-time attacks by tying into Verified Boot, a feature introduced in 2017 with Android Oreo. Verified Boot confirms that you’re running the correct version of Android as soon as you turn it on; by leveraging Titan M, the Pixel 3 ensures the integrity of that check before an attacker has a chance to downgrade you to something more vulnerable, or meddles with your bootloader.”


Along with the Titan M reward, Google has also added two new categories of exploits to its rewards program — data exfiltration and lock screen bypass vulnerabilities. Even more, the reward for discovering these vulnerabilities goes up to $500,000.


Google’s bug bounty program has been in place for over four years, and during this time, the company has paid out more than $4 million for 1,800 bug reports.