Google Offering $1 Million to Hack Its Titan M Security Chip
Google has long used bug bounties to help it uncover security flaws in its products before they appear in attacks. It’s also been among the most generous with the payouts for those bugs, but its latest revision of the is taking things to a whole new level. Security researchers who find a flaw in the company’s Titan M security chip could net themselves as much as $1 million.
The Titan M security chip debuted in the Pixel 3 about a year ago, but it wasn’t an entirely new design. Before the mobile Titan chip, Google designed a similar chip for its servers.
The Titan M is a smaller version of the server chip (see above) that maintains the integrity of a Pixel phone’s software. The idea of having a hardware-based secure element isn’t new. ARM chips have a component called TrustZone that is separate from the main OS and Apple has a secure enclave on its A-series chips. Google’s Titan M is a completely separate hardware component that isn’t even connected to the SoC, theoretically offering even more security. Google has gone so far as to make the Titan M the , provided you configure 2-factor authentication to ping your phone.
That all falls apart if the Titan M isn’t sufficiently hardened from attack, so Google is offering big bucks for exploits. To get the maximum payout, a researcher has to provide a “full chain remote code execution exploit with persistence.” That means a method of breaching the Titan M’s security without physical access to the phone in a way that gives the attacker permanent access. In other words, the worst-case scenario. That would earn $1 million off the bat, and there’s an extra 50 percent bonus for finding an active exploit in specific developer preview versions of Android. So, that could be a $1.5 million payday.
It’s unlikely anyone is going to discover such a vulnerability in the chip (the company has paid out $1.5 million total this year), but Google wants to make sure it’s offering enough to encourage developers to come forward. Private security firms are also offering big bucks for exploits, and researchers selling to them would mean the bug won’t get fixed until something disastrous happens.
Now read: