Apple isn’t the only one proposing up a $200,000 reward for severe vulnerabilities on mobile devices. Google followed suit yesterday with the statement of the Project Zero Prize, and like the Apple Security Bounty, the top payout is $200,000.
The competition, dubbed ‘The Project Zero Prize,’ is being run by Google’s Project Zero, a team of security researchers dedicated to documenting critical bugs and making the web a safer place for everyone.
What are the Requirements?
Starting Tuesday and ending on March 14, 2017, the competition will only award cash prizes to competitors who can successfully hack any version of Android Nougat on Nexus 5X & 6P devices.
However, the catch here is that Google wants you to hack the devices knowing only the devices’ phone numbers and email addresses.
For working of their exploits, contestants are allowed to trick a user into open an email in Gmail or an SMS text message in Messenger, but no other user communication beyond this is allowed.
So, if you want to contribute in ‘The Project Zero Prize‘ contest, you are advised to emphasis on flaws or bug chains that would allow you to perform Remote Code Execution (RCE) on multiple Android devices.
“Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests,” Project Zero security researcher Natalie Silvanovich said in a blog post while announcing the competition.
Therefore, the company has taken this initiative to run its own hacking contest in search of severe Android security vulnerabilities.
The Project Zero Cash Prize
- Golden Prize: worth $200,000 USD will be awarded to the first winning entry.
- Diamond Prize: worth $100,000 USD will be awarded to the second winning entry.
- Silver Prize: At least $50,000 USD will be awarded to additional winning entries.
Besides cash prizes, winners will also be invited to write a short technical report describing their entry, which will then be posted on the Project Zero Blog.
For more information about the contest, you can check out the Project Zero Security Contest Official Rules.