The search engine and tech giant Google has now increased the reward for finding bugs in Android OS to $200,000. Stepping up their bounty program at this time isn’t that surprising, especially considering that it’s only been a couple of days since the massive ‘Judy’ malware attack. Despite the unthreatening name, Judy has managed to infect over 30 million Android smartphones, which raised a massive red flag at Google.
The company started their famous bug bounty program around two years ago, and the point is to find as many bugs as possible. No matter if they’re big or small, as long as it’s something relevant that might end up posing a problem, Google will reward the find and fix the bug. Paying for every bug might seem expensive, but it’s a much better option than to have their system exploited by cyber criminals.
Since the program was started, Google has already paid over $1.5 million for the discovered bugs. Now they aim to attract even more researchers, and to do that, they’ve increased the reward for the bugs found. The first reward that’s mostly given for discovering smaller but still pretty serious bugs was around $30,000. These were the bugs that might let someone gain remote access to the system and use it for stealing users’ personal data. After the increase, however, the reward is $150,000.
The second reward is reserved for more serious bugs, including Verified Boot and TrustZone bugs. Verified Boot ensures that the smartphone’s software isn’t altered, while TrustZone secures security software, fingerprint scans, biometric data, system settings and the like. The reward for discovering and reporting these bugs was $50,000. In order to stop hackers from exploiting these two most critical areas of the system, Google will now start paying $200,000 per bug.
According to the official blog post by the Android security team:
“Rewards for a remote exploit chain or exploit leading to TrustZone or Verified Boot compromise increase from $50,000 to $200,000 – Rewards for a remote kernel exploit increase from $30,000 to $150,000.”
Check Point, a cyber security company, has submitted a report that says that dozens of the Play Store’s apps were infected with “Fireball” malware recently. All of those apps were taken down by Google’s security team, but not before a massive number of downloads took place. It’s estimated that between 4.5 million and 18.5 million downloads occurred since the apps got infected.
Some of these apps have even spent several years in the Play Store, hiding their real nature and waiting for unsuspecting users to download them. Despite the fact that ‘Judy’ has made such a mess when it comes to the Play Store, it’s still only one type of malware. Nevertheless, it serves as an example of what hackers can do, and what we, as users, need to watch out for.