Google is looking for hackers who can get into their Chrome operating system via the Internet and compromise it. The company is offering successful hackers nearly $3 million for the security challenge that will take place in Vancouver during the first week of March.
The competition follows outrage over Google Chrome’s voice-recognition abilities that can potentially invade the privacy of users. The story that caused a storm was that a Chrome hack had been able to eavesdrop on people using the Google Chrome browser. While the company has announced it has a solution available, this has not yet been implemented. Instead, it seems that they are using an annual competition to invite serious hackers to show them just how real the threat could be.
In a “hackathon” titled Pwnium 4, competitors are invited to compromise the system “with device persistence” via a web page, rebooting from time to time. Any breach that occurs which lets a hacker control a PC that is using the Chromium operating system after it has rebooted will be rewarded with substantial dollars. The grand prize offered is $150,000, while slightly lower prizes of $110,000 will be given to hackers who find “other major holes” in Chrome’s operating system. Even “clever hacks” will be rewarded with smaller prizes for lesser achievements.
This is the fourth hackathon that Google has held. Previously prizes totalling $1 million and $2 million were offered, however the OS was not the target, but rather the browser itself. So far Google has not had to pay out the full rewards it has offered for its challenges.
News of the Internet challenge is likely to pull in some serious hackers when they find out that Google offers nearly $3 million in total this year for information and proof of how security can be breached.
According to Jorge Lucángeli Obes, Googles’s Security Engineer, security is a “core tenet” of the Chrome operating system, which is what drives them to hold competitions and find out more from “security researchers” – or less politely, from hackers.
Rules of the competition require hackers to use any one of three devices that utilize the Chrome OS. Entrants can choose from an HP Chromebook 11; a Chromebook that is ARM-based; or an Acer C720 Chromebook. The “attack” has to be initiated and demonstrated while the device is running a “stable” version of the Chrome operating system.
Competitors need to compete from the CanSecWest security conference center in Vancouver, Canada. Registration is open until March 10 for anyone wanting to make a name for themselves as the 2014 Chrome OS hack.
There is no specific requirement in terms of what competitors are required to do to hack the system, but participants will likely be challenging the voice-control element that has already been proven to be vulnerable. The potential problem is that the site should be secure, and the browser does not need to ask permission when it wants to run its voice-recognition software.
Since Google offers nearly $3 million in prizes this year, it’s difficult to understand why keen and competent hackers wouldn’t want to give this Internet challenge a try.
By Penny Swift