Recent news, Google has announced a six-month-long hacking contest known as “project zero Prize”. Basically, this is a free to enter competition contest for all the hackers, who think they can hack android and find bugs in the system. These participants will be asked to create an exploit chain, which can breach android security. The main reason behind the launch of the hacking contest is to find out the security flaws in the Android system. And the users, who participate will do every possible thing to find a bug.
Google has also set the huge amount of prizes to people, who find the security flaws. The top 3 participants will be awarded a huge amount of prizes by google. According to reports the first prize is set to $200,000, following with second prize is $100,000 and $50,000 is the third prize.
These hacking contests aren’t new in this technology and IT firm world. Recently, even Apple has conducted a hacking contest to find out the security level of their system and there were a lot of prizes for researchers, who exploit the system. Natalie Silvanovich said, the goal of this contest is “to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices knowing only the devices’ phone number and email address”.
According to reports, this hacking contest will be conducted in Google’s Vulnerabilities Rewards Program (VRP), which is in the company’s bug bounty system, Also there will be monetary rewards for hackers, who find and reports security bugs. Apart from that any bug reported by a participant can be used later also, but only by the same participant. And when the participant submits a full description, then it will be posted on official team’s blog.
When asked about the hacking contest, Silvanovich stated by an explanation “Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests. Hoping to continue the stream of great bugs, we’ve decided to start our own contest: The Project Zero Prize.”
Later he also said that “Our main motivation is to gain information about how these bugs and exploits work. There are often rumors of remote Android exploits, but it’s fairly rare to see one in action. We’re hoping this contest will improve the public body of knowledge on these types of exploits. Hopefully, this will teach us what components these issues can exist in, how security mitigations are bypassed and other information that could help protect against these types of bugs… Also, we’re hoping to get dangerous bugs fixed so they don’t impact users. Contests often lead to types of bugs that are less commonly reported getting fixed, so we’re hoping this contest leads to at least a few bugs being fixed in Android.”