Jomar Teves Tech 09.16.2016 03:Sep AM EDT

Google's Project Zero: $200,000 To Anyone Who Can Hack Nexus 6P And 5X

Despite the presence of vulnerability rewards programs from Google and other companies, numerous unique, high-quality security bugs have been found as a result of hacking contests. Hoping to continue the tradition of great bugs, a new contest has been formulated by Google's Project Zero: The Project Zero Prize.

The objective of this contest is to find a vulnerability that achieves remote code execution on multiple Android devices knowing only the devices' phone number and email address. Successful entries will be qualified for the following prizes.

First Prize

$200,000 USD, awarded to the first winning entry.

Second Prize

$100,000 USD, awarded to the second winning entry.

Third Prize

At least $50,000 USD awarded by Android Security Rewards, awarded to additional winning entries.

In addition, participants who submit a winning entry will be invited to write a short technical description of their entry, which will be posted on the Project Zero Blog.

This contest will be organized a bit differently than other contests. Rather than saving up bugs until there's an entire bug chain, and then submitting it to the Project Zero Prize, contestants are asked to report the bugs in the Android issue tracker. They can then be used as a part of the submission by the participant any time during the six-month contest period.

Take note, however, that only the first person to file a bug can use it as a part of their submission, so makes sure to file early and regularly! Of course, any bugs that don't wind up being used in a submission will be considered for Android Security Rewards. Those who don't make it for the high-profile contest can also qualify for any other rewards program at from the tech giant after the challenge has ended.

Unlike other contests, the public sharing of vulnerabilities and exploits submitted is extremely important. Participants will submit a full description of how their exploit works with their submission, which will eventually be published on the Project Zero blog. Every vulnerability and exploit techniques used in each winning submission will be made public.