1. 9
    Announcing the Project Zero Prize android googleprojectzero.blogspot.com
    sagi avatar via sagi 1 year ago | cached | 2 comments

  1.  

  2. 6
    Robbie avatar Robbie 1 year ago | link

    Sounds like they’re trying to burn as many exploits used in expensive surveillance suites as possible. Good for them for having the budget to host this :)

    1. 4
      sagi avatar sagi edited 1 year ago | link

      Yup! I’m thrilled to see the exploit-chains that are submitted.

      Their requirements are high:

      1. attack vectors: email rendered by gmail app, SMS opened by messenger app.
      2. remote code execution should elevate privileges to (at least) system security context.
      3. exploit-chain should work on both nexus 6p and nexus 5x (an attempt to eliminate vendor-specific threats).

      I recon that we’re about to see an exploit-chain that starts with the baseband-modem (i.e. messing with GSM / CDMA stuff).

      Exciting times :)