Why waiting for researchers and bug hunters to know vulnerabilities in your products, when you can just throw a contest for that.
Google has launched its own Android hacking contest with the first prize winner receiving $200,000 in cash.
That’s a Hefty Sum!
The contest is a way to find and destroy dangerous Android vulnerabilities before hackers exploit them in the wild.
The competition, dubbed ‘The Project Zero Prize,’ is being run by Google’s Project Zero, a team of security researchers dedicated to documenting critical bugs and making the web a safer place for everyone.
What’s the Requirements?
Starting Tuesday and ending on March 14, 2017, the contest will only award cash prizes to contestants who can successfully hack any version of Android Nougat on Nexus 5X and 6P devices.
However, the catch here is that Google wants you to hack the devices knowing only the devices’ phone numbers and email addresses.
For working of their exploits, contestants are allowed to trick a user into open an email in Gmail or an SMS text message in Messenger, but no other user interaction beyond this is allowed.
So, if you want to participate in ‘The Project Zero Prize’ contest, you are advised to focus on flaws or bug chains that would allow you to perform Remote Code Execution (RCE) on multiple Android devices.
"Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests," Project Zero security researcher Natalie Silvanovich said in a blog post while announcing the competition.
Therefore, the company has taken this initiative to run its own hacking contest in search of severe Android security vulnerabilities.
Contest Cash Prizes
First Prize: worth $200,000 USD will be awarded to the first winning entry.
Second Prize: worth $100,000 USD will be awarded to the second winning entry.
Third Prize: At least $50,000 USD will be awarded to additional winning entries.
Besides cash prizes, winners will also be invited to write a short technical report describing their entry, which will then be posted on the Project Zero Blog.
For more details about the contest, you can check out the Project Zero Security Contest Official Rules.