Google: We'll pay $100k if you can hack a Chromebook remotely
Google has put up a $100,000 reward for anyone who can find a way to hack its Chromebook over the web.
The move doubles last year's top reward of $50,000, available exclusively for attacks that achieve a persistent compromise on a Chromebook in 'guest mode', meaning the attacker's code sticks around on the device even after a reboot and affects subsequent guest-mode sessions.
In the context of a Chromebook, guest mode is a locked-down state designed to support device sharing, which protects the owner's Chrome profile from tampering, and is meant to ensure browser data and cookies vanish at the end of a session.
But as Google outlined on Monday, in the year since it dangled the $50,000 Chromebook reward under its Chrome Reward Program, it hasn't received a single successful submission.
"That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool," Google security team members said.
According to Google's rewards page: "We have a standing $100,000 reward for participants who can compromise a Chromebook or Chromebox with device persistence in guest mode, ie, guest-to-guest persistence with interim reboot, delivered via a web page."
Google has previously offered more for the same attacks on Chromebooks at the Pwnium hacking contest but that was a one-day prize under competition rules rather than a year-round offer.
With attacks on Chromebooks accounting for none of the more than $2m Google paid out to researchers for reporting security bugs last year, the new top reward is designed to encourage more activity in this area.
Source; http://www.zdnet.com/article/google-well-pay-100k-if-you-can-hack-a-chromebook-remotely/
Google has put up a $100,000 reward for anyone who can find a way to hack its Chromebook over the web.
The move doubles last year's top reward of $50,000, available exclusively for attacks that achieve a persistent compromise on a Chromebook in 'guest mode', meaning the attacker's code sticks around on the device even after a reboot and affects subsequent guest-mode sessions.
In the context of a Chromebook, guest mode is a locked-down state designed to support device sharing, which protects the owner's Chrome profile from tampering, and is meant to ensure browser data and cookies vanish at the end of a session.
But as Google outlined on Monday, in the year since it dangled the $50,000 Chromebook reward under its Chrome Reward Program, it hasn't received a single successful submission.
"That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool," Google security team members said.
According to Google's rewards page: "We have a standing $100,000 reward for participants who can compromise a Chromebook or Chromebox with device persistence in guest mode, ie, guest-to-guest persistence with interim reboot, delivered via a web page."
Google has previously offered more for the same attacks on Chromebooks at the Pwnium hacking contest but that was a one-day prize under competition rules rather than a year-round offer.
With attacks on Chromebooks accounting for none of the more than $2m Google paid out to researchers for reporting security bugs last year, the new top reward is designed to encourage more activity in this area.
Source; http://www.zdnet.com/article/google-well-pay-100k-if-you-can-hack-a-chromebook-remotely/