Google has been running a scheme to encourage hackers to find flaws in ChromeOS since 2010. Last year, it raised the maximum reward to $50,000, a figure it is now doubling to a cool $100,000. It should appeal to anyone with the knowhow to execute an attack and rivals the money hackers can make by using their skills maliciously.
The company has made the change as nobody has successfully claimed the $50,000 reward since its introduction in 2015. It is now offering a standing six-figure sum instead, ready to be paid out all year round “with no quotas and no maximum reward pool.”
“Bug bounty” programs are not uncommon in the technology and software industries. Most reputable companies now run a scheme that allows security researchers working on their own to gain a reward for their efforts. The idea has become more popular recently as technology firms have moved to accept the work of outsiders.
In October 2015, Microsoft paid one of the largest bug bounties ever to a security researcher who discovered attackers could remotely access the account of any user on its Hotmail service. Wesley Wineberg received $24,000 as a reward.
The aim of the programs is to find fatal flaws in software before people with malicious intentions do. Google wants researchers to discover any issues in ChromeOS before hackers have time to, creating a safer product by involving the community.
Anyone who successfully creates a recurring hack for a Chromebook or Chromebox device will be eligible to receive Google’s new $100,000 reward. The exploit has to facilitate remote access to the device and must persist after a reboot of the computer, requiring the attacker to plant files in areas of the machine that the user cannot usually see.
Chromebooks are famed for strong security. Their sandboxed operating system and web-based apps make them difficult to target while the comparatively low market share of ChromeOS means hackers tend to ignore them. The OS has yet to be hit by a major security scare, despite Google’s previous attempts to get hackers working to crack it.
Alongside the new reward, Google announced the introduction of a bug bounty for the “Safe Browsing” feature in its Chrome browser. It will now pay researchers who develop methods to bypass the download protection features in Chrome, providing the end user with a more secure browser.
Google said “it’s no secret” that it takes security seriously. The changes have been made to continue to reward researchers who want to help the company, benefitting users in the process and giving white hat hackers added incentive to investigate its products.
