Last year, Google introduced a new Bug Hunters platform to encompass all its Vulnerability Reward Programs. An expanded “Android and Google Devices Security Reward Program” now brings Nest and Fitbit into the fold with Pixel.
Building on our previous programs to improve devices’ embedded security posture, we’re bringing all our first-party devices under a single program, starting with Google Nest, Fitbit, and Pixel.
Notably, the “Android Security Reward Program,” which already included Pixel phones, has been extended to become the “Android and Google Devices Security Reward Program.” Google hopes this will make it “easier for researchers to submit a vulnerability in first-party devices and improving consistency across our severity assignments.”
The company is looking for firmware, system software, and hardware vulnerabilities, and will be doubling the smart home – building on previous commitments – and wearables reward amount for the next six months. Additionally, it’s “paying higher rewards retroactively for eligible Google Nest and Fitbit devices reports submitted in 2021.”
We will continue to take reports on our web applications, services, and mobile apps at their existing reward levels. Please keep those coming!
The program scope is as follows even as current smart home and fitness devices don’t run Android:
Pixel: Pixel 6 and Pixel 6 Pro, Pixel 5, Pixel 4a 5G, Pixel 4a, Pixel 4 and Pixel 4 XL, Pixel 3a and Pixel 3a XL
Google Nest
- Cameras & Doorbells: Nest Cam (battery), Nest Cam (wired), Nest Doorbell (battery), Nest Doorbell (wired)
- Speakers: Nest Mini (2nd gen), Nest Audio
- Displays: Nest Hub Max, Nest Hub (2nd Gen)
- Thermostats: Nest Learning Thermostat, Nest Thermostat
- Wi-Fi: Google WiFi, Nest WiFi
- Streaming: Chromecast with Google TV, Chromecast
- Smoke & CO alarm: Nest Protect
- Door lock: Nest x Yale Lock
Fitbit: Versa 3 (smartwatch), Sense (smartwatch), Luxe (tracker), Inspire 2 (tracker), Charge 5 (tracker)
Author: Abner Li
Source: 9TO5Google
