Google Paid A Hacker $112,500 For Finding A Bug That Could Hack Your Android
There are two types of hackers in this world: those who earn a handsome amount of money by doing evil things, and those who use their skills to benefit others. Bug bounty programmes are for those who choose to use their hacking skills in a genuine way.
We all know how popular bug bounty programs are among tech companies. Google usually pays up to $200,000 for finding a bug in the Android operating system. Recently, the search giant awarded $112,500 to a security researcher for exposing a critical flaw in Google Pixel smartphones.
Guang Gong, a security researcher from Qihoo 360 Technology’s Alpha Team, reported a critical remote exploit chain affecting Pixel smartphones through Google’s Android Security Rewards program in August 2017.
The exploit chain covers two separate bugs, CVE-2017-5116 and CVE-2017-14904. Used together, they allow remote code injection into the system_server process of Pixel smartphones, or of any other Android device, whenever a victim clicks a malicious URL in Chrome.
Once the victim clicks the malicious URL in the Chrome browser, hackers can gain full control to push additional malware, spy on the victim or even hijack the smartphone entirely.
Guang Gong was awarded $105,000 for his findings and received a bonus of $7,500, bringing the total to $112,500. According to Google, this was the highest reward in the history of the Android Security Rewards program. Google patched the bug in December’s security update, before the announcement.