Just in:
Cheap RAT spreads through Telegram channels // Afogreen Build Highlights Growing Adoption of Building Performance Modelling in Australia’s Sustainability-Driven Construction Sector // World’s First Commercial Multimodal LLM for Cultural Tourism Enters Broad Application // Abu Dhabi starts new Saadiyat arts landmark // Bangladesh-China Joint Statement On Teesta Cooperation Poses A Big Challenge To India // Binzhou’s Leap from Manufacturing to Intelligent Manufacturing // Bid To Rebuild Bengal To Its Old Glory Is Welcome, Though Difficult // Tehran blocks French role in Hormuz clearance // Where Minds Meet to Launch Space Economy Association Off the Ground // ClawHub breach exposes agent marketplace risk // France and Oman press toll-free Hormuz passage // China’s digital hub Hangzhou hosts conference on AI, OPC // Taiwan International Plant-Based Festival Launches in Singapore: High-End Culinary Partnerships and Diplomatic Exhibitions Shape Premium Agri-Product Branding // Beijing widens Japan curbs as Takaichi row deepens // Hawaii tests plastic waste in roads // Bracell Welcomes Fernando Branco’s Appointment to Lead ABAF and Reinforces Commitment to Sustainable Forestry Development in Bahia // DSQ Real Estate Highlights Post-Purchase Advisory as a Growing Need for Overseas Dubai Property Owners // Save the Children Hong Kong’s Play to Thrive: Prioritising Personal Growth Over Competitive Success // OpenAI limits Sol launch amid cyber risks // XRG and Eni deepen Argentina LNG push //

Didn't we offer you enough? Google's $350,000 Project Zero prize attracts junk entries

1491156796 mansmartphoneistock 493694552

mansmartphoneistock-493694552.jpg

The Project Zero Prize sought bugs that gave an remote code execution on multiple Android devices when only the phone number and email address of the target device were known.


Image: Laurent Delhourme, Getty Images/iStockphoto

Google’s Project Zero bug-hunting group hoped that launching a special six-month hacker prize with a top payout of $200,000 would uncover novel remote code execution (RCE) attacks on Android. However, the prize has now concluded with not only no winners, but not a single valid entry.

“Everything we received was either spam, or did not remotely resemble a contest entry as described in the rules,” wrote Project Zero member Natalie Silvanovich.

ADVERTISEMENT

Google announced the Project Zero Prize in September, offering hackers $200,000 for the winning entry, $100,000 for the runner-up, and $50,000 to additional winning entries. It differed from Google’s other rewards programs, which pay researchers for qualifying bugs, and from contests that incentivize hackers to save up bugs for a larger prize on competition day.

Instead, the Project Zero Prize sought a bug or series of bugs that gave an RCE on multiple Android devices when only the phone number and email address of the target device were known.

Also, the attack mustn’t require user interaction, such as clicking on a malicious link. In other words, they were hoping to find a bug like Stagefright, which could be exploited merely by receiving a malicious media file.

Hackers were also required to report the bugs in the Android issue tracker as they’re found, with the assurance to the first reporter of each bug that he or she had exclusive rights to use that bug as part of a chained attack.

Project Zero hoped to pick the best out of a selection of submissions, as well as gather knowledge about the market for trading zero-day vulnerabilities.

The group accounted for the possibility that it would fail to attract any submissions, noting that in this event it would still learn something, but it was expecting at least a few submissions.

Project Zero’s discussions with hackers about the prize point to several issues that caused the lack of entries, according to Silvanovich.

The first is that excluding attacks that required user interaction may have set the bar too high. Silvanovich said it is “likely that this was a sticking point for participants”.

“While this type of bug is not unheard of, it is likely difficult to find quality bugs in this area. This means that the timeframe of the contest or prize amount may not have been adequate to elicit this type of bug,” Silvanovich wrote.

A second potential obstacle was the rule requiring contestants to submit bugs on the go, even before a full chain had been achieved.

“We underestimated the impact of other contests on participants’ incentives,” noted Silvanovich.

“We expected these rules to encourage participants to file any bugs they found immediately, as only the first finder could use a specific bug, and multiple reports of the same Android bug are fairly common. Instead, some participants chose to save their bugs for other contests that had lower prize amounts but allowed user interaction, and accept the risk that someone else might report them in the meantime.”

Finally, Project Zero is taking the absence of entries to mean the prizes were too low, given the difficulty of the rules for the contest.

On the bright side, Silvanovich said the contest was a learning experience that may help inform future contests.

More on security

(via PCMag)



Notice an issue?

Arabian Post strives to deliver the most accurate and reliable information to its readers. If you believe you have identified an error or inconsistency in this article, please don't hesitate to contact our editorial team at editor[at]thearabianpost[dot]com. We are committed to promptly addressing any concerns and ensuring the highest level of journalistic integrity.


ADVERTISEMENT
Social Media Auto Publish Powered By : XYZScripts.com
Just in:
Where Minds Meet to Launch Space Economy Association Off the Ground // Bangladesh-China Joint Statement On Teesta Cooperation Poses A Big Challenge To India // World’s First Commercial Multimodal LLM for Cultural Tourism Enters Broad Application // France and Oman press toll-free Hormuz passage // Afogreen Build Highlights Growing Adoption of Building Performance Modelling in Australia’s Sustainability-Driven Construction Sector // CG Capital, the Leader in Branded Residences in Thailand, Marks Milestone Success for InterContinental Residences Bangkok Asoke Amid Global Economic Uncertainty // Dubai advances Gold Line contractor race // Abu Dhabi starts new Saadiyat arts landmark // Beijing widens Japan curbs as Takaichi row deepens // Cheap RAT spreads through Telegram channels // Why your AI transformation can fail — and it’s not the technology // Taiwan International Plant-Based Festival Launches in Singapore: High-End Culinary Partnerships and Diplomatic Exhibitions Shape Premium Agri-Product Branding // Most UAE expats under-insured, reveals survey // This summer will never stop us from our wellness routine // ClawHub breach exposes agent marketplace risk // 5 Law Firms Making a Difference in Cincinnati // Save the Children Hong Kong’s Play to Thrive: Prioritising Personal Growth Over Competitive Success // Tehran blocks French role in Hormuz clearance // PRHK 2026 Benchmark Report highlights how Hong Kong’s IPO revival, AI, and the GBA are reshaping the SAR’s PR industry // Bracell Welcomes Fernando Branco’s Appointment to Lead ABAF and Reinforces Commitment to Sustainable Forestry Development in Bahia //