Tech News

Over $100,000 Was Awarded to Android Bug Hunter For Exposing Flaw

January 22, 2018

544

A simple security flaw in android exploit by the biggest online company Google led a researcher to have over than $100,000!

A security researcher was rewarded over $100,000 by Google for exposing a security flaw in Google Pixel smart phones. Guang Gong, a devoted android bug hunter submitted an exploit chain through the Androids Security Rewards (ASR) program last August 2017 and was rewarded $112,500. She was the very first in the ASR history to receive the highest reward which is $105,000 from ASR program and a $7,500 under the Chrome Rewards program as well.

The technical details were revealed by Google on its Android Developer’s blog last Wednesday. The company thanked Gong and her team which is the Alpha Team, Qihoo 360 Technology and also the entire researcher community for bringing up this flaw that may lead consumers to have a big problem later on.

However, the Google company stated that the security flaw was resolved already as part of the December 2017 monthly security update that patched a total of 42 bugs.

The exploit chain covers two bugs. These are the CVE-2017-5116 and the CVE-2017-14904. The other one is a V8 engine bug that was supposed to get remote code execution in sandboxed Chrome render process. The bug is in Android’s libgralloc module that is used to escape from Chrome’s sandbox. Google says that this flaw can be used to inject arbitrary code into system_server by accessing a malicious and threatening URL in the Chrome browser.

Through the Android Security Rewards program, Google recognizes the contribution and help of security researchers working on Android’s security features to provide the users safe and secure smart phone experience. Since October 2017, the smart phones covered under the program include Google Pixel 2, Google Pixel and Pixel XL, and Google Pixel C.

In June 2017, Google increased the ASR payout rewards for exploits leading to TrustZone or Verified Boot. From $50,000 to $200,000. Since then, the company has awarded researchers over $1.5 million up to date.

Nice!
July 25, 2019 by SadeGlo from United States
Great show to stay up to date on recent watch news. Very impressed that this comes out daily.
Awesome show
July 12, 2019 by Wazzupdudidos from United States
Thanks for all the great news on gadgets, games and tech. I listen to you daily, and you rock. Thanks dude.

Convenient Gadgets That Every Homeowner Should Have

Technology That Can Make You Safer

How to Build a Technology-Driven Business

Who Your Business Needs to Hire for Increased Cybersecurity

How Software Can Save Your Business Time and Money

#246 The Voice Of Mario Retires

#245 The Black Shark 4 Smartphone Rises From The Deep

#244 Oh Great, Now Microsoft Wants To Buy Discord

#243 Global Shortage in Semiconductors Increases

#242 Sony Reveals Its PS5 VR Controllers

Convenient Gadgets That Every Homeowner Should Have

Technology That Can Make You Safer

How to Build a Technology-Driven Business

Who Your Business Needs to Hire for Increased Cybersecurity

How Software Can Save Your Business Time and Money

#246 The Voice Of Mario Retires

#245 The Black Shark 4 Smartphone Rises From The Deep

#244 Oh Great, Now Microsoft Wants To Buy Discord

#243 Global Shortage in Semiconductors Increases

#242 Sony Reveals Its PS5 VR Controllers

Over $100,000 Was Awarded to Android Bug Hunter For Exposing Flaw

A simple security flaw in android exploit by the biggest online company Google led a researcher to have over than $100,000!

However, the Google company stated that the security flaw was resolved already as part of the December 2017 monthly security update that patched a total of 42 bugs.

TechNewsGadget - Latest Gaming & Gadget News

POPULAR POSTS

Apple sees a future with iGlasses (and also loves patents!)

VIZR: Use Your Smartphone as Display While Driving

What Was Technology 20 Years Ago?

POPULAR CATEGORY