FEB 15, 2018 1:06 PM PST

You Can Earn $250K Hunting Intel Computer Bugs

WRITTEN BY: Julia Travers

Technology company Intel has been running a Bug Bounty Program since March 2017 to encourage security researchers to hunt down vulnerabilities in its hardware and software. In February 2018, in an effort to increase the power and breadth of the search for issues like Meltdown and Spectre, disclosed in January, they have boosted the bounty for the right kind of discovery to $250,000. While the initial bounty program was only available to invited investigators, the endeavor is now open to the public, with some caveats.

Intel chip and money collage, credit: Wikimedia commons via Swaaye, public domain

“In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data,” the company explains in a statement.

What Are the Potential Vulnerabilities?

Intel developed the first commercial microprocessors in the 70s and is the maker of the processors in most computers, along with the companies ARM Processors and AMD. Central processing units (CPUs) are brain-like chips responsible for quickly interpreting and executing the majority of the commands from a computer's other hardware and software.

In January, various computer researchers came forward with discoveries of serious gaps in the security of CPUs from as far back as 2011. The vulnerabilities are called Meltdown and Spectre and they take advantage of a CPU behavior called “speculative execution;” a predictive technique in which CPUs try to think and plan ahead. It’s intended to boost performance but can also potentially expose sensitive data on computers, tablets, servers and smartphones, such as passwords and personal pictures, to hackers. Each type of vulnerability was independently identified by multiple people and groups, including members of Google Project Zero – a team of security analysts -- and academics ranging from Pennsylvania to Austria.

The two issues affect most modern operating systems including Windows, macOS, iOS, Linux, Android, Chromebooks and others. While it was hoped that most home users would likely be able to prevent any major vulnerabilities at the time by keeping new updates and anti-virus software current on their computers, some fixes from manufacturers and developers have caused slowdowns and other problems. Dell and Lenovo have withdrawn their software security patches due to numerous concerns such as “unpredictable system behavior.” New patches are still being developed and released for various systems. “Our near-term focus is on delivering high-quality mitigations to protect our customers' infrastructure from these exploits,” Intel chief executive Brian Krzanich said.

How Does the Bug Bounty Work?

The Bug Bounty Program is open to people who are at least 18 and who have not worked at Intel in the previous six months. Reports of bugs submitted to the program must meet specific encryption standards, show a brand-new concern and meet other technical requirements. While the main focus is on fresh revelations, Intel does plan to give a $1,500 maximum award for the first external report about “an internally known vulnerability.”

The new search and bounty focus on “side channel vulnerabilities,” or hidden flaws that can expose data to ill-intentioned hackers, such as Spectre and Meltdown. The Bug Bounty in its current form runs through Dec. 31, 2018 and offers rewards up to $250,000. Intel is also raising bounty levels for other types of useful discoveries to $100,000.

Intel’s processors, solid state drives, NUCs (mini personal computers), integrated circuits, chipsets, firmware and software including applications, tools and drivers are all included as potential Bug Bounty discovery targets. Intel plans to release new chips free of the two security gaps this year. Learn more about these now-famous vulnerabilities in the video below, called, “How faster computers gave us Meltdown and Spectre.”

About the Author
Julia Travers is a writer, artist and teacher. She frequently covers science, tech, conservation and the arts. She enjoys solutions journalism. Find more of her work at jtravers.journoportfolio.com.
You May Also Like
OCT 13, 2022
Technology
Four-Legged Robots Allowed to Run in The Wild Thanks to New Algorithms
OCT 13, 2022
Four-Legged Robots Allowed to Run in The Wild Thanks to New Algorithms
In a recent study that will be presented at the 2022 International Conference on Intelligent Robots and Systems (IROS) i ...
OCT 07, 2022
Drug Discovery & Development
A wearable sensor that can monitor tumor size changes in real-time
OCT 07, 2022
A wearable sensor that can monitor tumor size changes in real-time
As cancer drugs are developed, one important process the drug goes through is testing in experimental animals. The use o ...
OCT 09, 2022
Space & Astronomy
Calibrating the Luminosity of Nearby Stars
OCT 09, 2022
Calibrating the Luminosity of Nearby Stars
Scientists at the National Institute of Standards and Technology (NIST) have been working to improve methods for calibra ...
OCT 29, 2022
Technology
Making EVs More Enticing for Drivers
OCT 29, 2022
Making EVs More Enticing for Drivers
In a recent study published in IEEE Transactions on Intelligent Transport Systems, a pair of researchers from North Caro ...
OCT 22, 2022
Space & Astronomy
Binary Pair of Stars Creates "Fingerprint" in Space
OCT 22, 2022
Binary Pair of Stars Creates "Fingerprint" in Space
A new paper published in Nature Astronomy includes a new image from NASA’s James Webb Space Telescope (JWST) that ...
NOV 19, 2022
Health & Medicine
Artificial Light Exposure May Increase Diabetes Risk
NOV 19, 2022
Artificial Light Exposure May Increase Diabetes Risk
In the modern world, many people are exposed to artificial light at night. It's even become such a problem that dark sky ...
Loading Comments...