FEB 15, 2018 01:06 PM PST

You Can Earn $250K Hunting Intel Computer Bugs

WRITTEN BY: Julia Travers

Technology company Intel has been running a Bug Bounty Program since March 2017 to encourage security researchers to hunt down vulnerabilities in its hardware and software. In February 2018, in an effort to increase the power and breadth of the search for issues like Meltdown and Spectre, disclosed in January, they have boosted the bounty for the right kind of discovery to $250,000. While the initial bounty program was only available to invited investigators, the endeavor is now open to the public, with some caveats.

Intel chip and money collage, credit: Wikimedia commons via Swaaye, public domain

“In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data,” the company explains in a statement.

What Are the Potential Vulnerabilities?

Intel developed the first commercial microprocessors in the 70s and is the maker of the processors in most computers, along with the companies ARM Processors and AMD. Central processing units (CPUs) are brain-like chips responsible for quickly interpreting and executing the majority of the commands from a computer's other hardware and software.

In January, various computer researchers came forward with discoveries of serious gaps in the security of CPUs from as far back as 2011. The vulnerabilities are called Meltdown and Spectre and they take advantage of a CPU behavior called “speculative execution;” a predictive technique in which CPUs try to think and plan ahead. It’s intended to boost performance but can also potentially expose sensitive data on computers, tablets, servers and smartphones, such as passwords and personal pictures, to hackers. Each type of vulnerability was independently identified by multiple people and groups, including members of Google Project Zero – a team of security analysts -- and academics ranging from Pennsylvania to Austria.

The two issues affect most modern operating systems including Windows, macOS, iOS, Linux, Android, Chromebooks and others. While it was hoped that most home users would likely be able to prevent any major vulnerabilities at the time by keeping new updates and anti-virus software current on their computers, some fixes from manufacturers and developers have caused slowdowns and other problems. Dell and Lenovo have withdrawn their software security patches due to numerous concerns such as “unpredictable system behavior.” New patches are still being developed and released for various systems. “Our near-term focus is on delivering high-quality mitigations to protect our customers' infrastructure from these exploits,” Intel chief executive Brian Krzanich said.

How Does the Bug Bounty Work?

The Bug Bounty Program is open to people who are at least 18 and who have not worked at Intel in the previous six months. Reports of bugs submitted to the program must meet specific encryption standards, show a brand-new concern and meet other technical requirements. While the main focus is on fresh revelations, Intel does plan to give a $1,500 maximum award for the first external report about “an internally known vulnerability.”

The new search and bounty focus on “side channel vulnerabilities,” or hidden flaws that can expose data to ill-intentioned hackers, such as Spectre and Meltdown. The Bug Bounty in its current form runs through Dec. 31, 2018 and offers rewards up to $250,000. Intel is also raising bounty levels for other types of useful discoveries to $100,000.

Intel’s processors, solid state drives, NUCs (mini personal computers), integrated circuits, chipsets, firmware and software including applications, tools and drivers are all included as potential Bug Bounty discovery targets. Intel plans to release new chips free of the two security gaps this year. Learn more about these now-famous vulnerabilities in the video below, called, “How faster computers gave us Meltdown and Spectre.”

About the Author
  • Julia Travers is a writer, artist and teacher. She frequently covers science, tech and conservation.
You May Also Like
OCT 16, 2019
Cardiology
OCT 16, 2019
When Does Smartphone Usage Increase Obesity Risk?
It’s well known that decreased physical activity and obesity are not good for the heart. As more people use smartphones more often, they are moving a...
OCT 16, 2019
Space & Astronomy
OCT 16, 2019
The Science Behind the First Powered Flight on Another Planet
NASA’s upcoming Mars 2020 mission involves much more than just another land-based rover – it will also pioneer the very first powered flight on...
OCT 16, 2019
Space & Astronomy
OCT 16, 2019
India's Chandrayaan-2 Lunar Mission Has Gone Terribly Wrong
The Indian Space Research Organization (ISRO) launched a particularly important mission dubbed Chandrayaan-2 on July 22nd. Its long-term goal was to study...
OCT 16, 2019
Technology
OCT 16, 2019
Technology Helps Parents Understand Their Baby
Researchers at the University of York may now help parents understand what their babies are thinking through an app called ‘BabyMind’. The app ...
OCT 16, 2019
Technology
OCT 16, 2019
Electrical Technology To Treat Baldness?
Hair loss still remains a fear among most men. However, reversing baldness may someday be simple as wearing a hat. Now, researchers at the University of Wi...
OCT 16, 2019
Space & Astronomy
OCT 16, 2019
SpaceX Will Need to Demonstrate a Dragon Capsule Abort for NASA
NASA’s Commercial Crew initiative enabled third-party contractors such as Boeing and SpaceX to develop platforms that may be used in future crewed mi...
Loading Comments...