Google has implemented a project to encourage assistance in collecting potential vulnerabilities for its Nexus line of mobile devices, with some considerable prizes associated with it.
Called the Project Zero Prize contest, contestants must be able to hack into a Nexus 6P and a Nexus 5X with nothing but the phone numbers and associated email addresses. Additionally, any vulnerability found must be capable of executing codes on each device remotely after a message (either email or text) is opened. Simple, right?
Not really, and that’s probably because Google is running more than just your run-of-the-mill bug bounty initiative. Google also wants to collect information on the bugs; how they work, and what methods they can use to improve protections against just these types of exploits.
As for prizes, Google is offering three top prizes awarded on a first-come, first-serve basis. Worth $200,000 for first, $100,000 for the second, and “at least” $50,000 for third, the cash prizes come with the opportunity to produce a guest post on their Project Zero Blog.
By holding this competition, Google is taking advantage of the full benefits of crowdsourcing. Rather than waiting to solve a problem after it is discovered and having to pay an entire team to reach a resolution for the single issue, Google can now get in front of a potentially much larger group of vulnerabilities and gain a head start in fixing them, for what is very likely a much cheaper price for them to pay in the long run.
Iron Edge utilizes a similar strategy to determine security weaknesses for our clients. By utilizing a process known as penetration testing, potential (or current) vulnerabilities in systems and networks are located and identified in order to better protect your systems from malicious intrusions in the future.
Read the Project Zero Security Official Contest Rules here to learn the requirements for entry. Who knows? Maybe you’ll be the one to discover the worst vulnerability that the Nexus line has!