Google has made a big push for security over the past couple of years, and a big part of that has been beefing up Android security and pushing out fixes for vulnerabilities on a regular basis. We’ve seen that in Google’s monthly Android security updates, which have been relatively successful so far with some OEMs keeping devices somewhat up to date. Now the company is introducing another method to find Android vulnerabilities, a hacking contest by Project Zero…
The best gifts for Android users
For those out of the loop, Project Zero is Google’s own internal team of security researchers who find and document vulnerabilities and bugs in widely-available software (i.e. Android, Chrome OS, etc).
Now Project Zero has announced a hacking contest for anyone that might be up to the challenge. What needs to be done? Participants will be tasked with attempting to find “a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices’ phone number and email address.”
The average-joe translation of that is that participants will need to find a way to cause serious trouble on an Android device through a text message, phone call, or email. This isn’t limited to apps such as the dialer, though. If a remote hack is found that can be executed by knowing just a phone number or email address, it can be submitted for a chance to win one of three prizes.
To enter, participants will need to send in research via an Android issue tracker report and then send it over to Project Zero. First prize of $200,000 will be awarded to one person. Second prize will also only go to one winner, but with $100,000 in tow. Third prize will be handed out to multiple winners from a pool of at least $50,000. Winners will also be asked to write a brief technical report of the entry for the Project Zero blog.