Hackers Can Now Make $100,000 For Pwning the Chromebook
Bug bounties have become a staple part of information security. Hackers who discover vulnerabilities in certain products or services can inform the vendor affected, and get financial compensation in return.
Now, Google is doubling the bounty available for one of its fairly popular products: the humble Chromebook.
“Last year we introduced a $50,000 reward for the persistent compromise of a Chromebook in guest mode,” Nathan Parker and Tim Willis write on the Google Security Blog.
“Since we introduced the $50,000 reward, we haven’t had a successful submission. That said, great research deserves great awards, so we’re putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool,” the pair continue.
Hackers can now pocket a tidy $100,000 for a successful compromise of the Chromebook, and Google’s website adds that the exploit could be delivered via a webpage.
Chromebooks are super-cheap laptops that come with a relatively tiny hard drive, and most of the computer’s functions can only be completed while it’s connected to the internet. They run on Chrome OS, a custom operating system from Google, which is based on the Linux kernel, and only really allows users to run web applications, making them pretty suitable for everyday consumers.
There may not be a whole lot of room for customization or control over the operating system, but that’s part of the attraction, at least from a security point of view: typically, only applications from the Chrome web store can be installed onto the device, meaning that attackers have far fewer options when it comes to taking control of the device.
But no operating system is fully secure, which is presumably the reason Google has bumped up its bug bounty. With a higher financial incentive, perhaps more white hat hackers will be attracted to hitting the Chromebook.
Parker and Willis also announced that the company has added a Download Protection Bypass bounty. Chrome has various protections against malicious websites that might surreptitiously download files in the background, unbeknown to the visitor.
The blog post pointed out that Google paid out over $2,000,000 in bug bounties last year.
Source | Motherboard