By Mike Freeman, San Diego Union-Tribune
Qualcomm has launched a bounty program where it will pay up to $15,000 to a select group of white hat hackers if they can find cyberflaws in the San Diego wireless firm’s mobile chips and software.
The company, which claims the bug bounty program is the first of its kind from a silicon chip maker, is partnering with HackerOne to administer the program for its Snapdragon family of processors.
The bounty is open to invitation-only participants, who include more than 40 security researchers who have made vulnerability disclosures in the past.
“Over the years, researchers have helped us improve the security of our products by reporting vulnerabilities directly to us,” said Alex Gantman, vice president of engineering for Qualcomm Technologies, in a statement. “Although the vast majority of security improvements in our products come from our internal efforts, a vulnerability rewards program represents a meaningful part of our broader security efforts.”
This summer, security researcher Check Point discovered vulnerabilities that potentially could have affected as many as 900 million Android phones using Qualcomm chips. Check Point claimed the bug, called Quadrooter, could lead to hackers gaining total control over infected devices. Google released a series of patches to fix Android gadgets, with the last one going out in October.
The bug bounty program targets eight integrated Snapdragon mobile processors and four 4G LTE Snapdragon modems, including the latest versions on the market.
Qualcomm will pay $15,000 for “critical” security vulnerabilities related to its cellular modems, and $9,000 to $8,000 for critical flaws in application processors and other components.
A critical vulnerability would allow a cyberattacker to gain control of the device remotely or stop it from working in a way that makes data stored on the phone unrecoverable.
For less critical security flaws, the company will pay $1,000 to $5,000.
“The most security-conscious organizations embrace the hacker community's critical role in a comprehensive security strategy,” said Alex Rice, chief technology officer of HackerOne, in a statement. “With Qualcomm Technologies' vulnerability rewards program they will continue to build vital relationships with the external security researcher community.”
The program began this week.
©2016 The San Diego Union-Tribune Distributed by Tribune Content Agency, LLC.