Google’s Project Zero Prize: Find Bugs in Android and Win $200000

The goal is to find a vulnerability or bug chain that achieves remote code execution on multiple Android devices.


Following in Apple’s footsteps, Google on Tuesday announced the launch of the Project Zero Prize, an Android hacking contest in which the first-place winner gets a hefty sum of $200,000.

The contest is a way to find and destroy dangerous Android vulnerabilities before hackers exploit them in the wild.

The competition is open to all residents of the United States. The contest is also open worldwide except for Italy, Brazil, Quebec, Crimea, Cuba, Iran, Syria, Sudan and North Korea. Google has published the official rules of the contest on its Project Zero blog.

How Does it Work?

Starting from Tuesday, the contest will award cash prizes to contestants who can successfully hack any version of Android on Nexus 5X and 6P devices.

However, Google wants you to hack the devices knowing only the devices’ phone numbers and email addresses.

The contestants are allowed to open an email in Gmail or an SMS text message in Messenger, but no other user interaction beyond this is allowed.

So, to take part in the competition, contestants have to focus on flaws or bug chains that allow Remote Code Execution (RCE) on multiple Android devices.

Despite the existence of vulnerability rewards programs at Google and other companies, many unique, high-quality security bugs have been discovered as a result of hacking contests.
Natalie Silvanovich, Security Researcher, Project Zero

Therefore, the company has taken this initiative to run its own hacking contest in search of severe Android security vulnerabilities.

Instead of saving up bugs until there’s an entire bug chain, and then submitting it to the Project Zero Prize, participants are asked to report the bugs in the Android issue tracker, said the blog post.

The rules read:

The entrant will then have one hour to provide the tokens, if the tokens are provided, the entry will be considered a winner. Winners (but not entries) will be posted as soon as they are verified.

Prizes?

  • First Prize - Awarded to the first winning entry. $200,000 and a guest blog post on the Project Zero Blog.

  • Second Prize - Awarded to the second winning entry. $100,000 and a guest blog post on the Project Zero Blog.

  • Third Prize - Awarded to additional winning entries. At least $50,000 awarded by Android Security Rewards and a guest post on the Project Zero Blog.


These contests end up fixing bugs that aren’t reported. So, with this competition, Google hopes to at least fix a few bugs in Android.

Read more about the competition at Project Zero Prize, and about the rules at Project Zero Security Contest Official Rules.
