FEB 15, 2018 01:06 PM PST

You Can Earn $250K Hunting Intel Computer Bugs

WRITTEN BY: Julia Travers

Technology company Intel has been running a Bug Bounty Program since March 2017 to encourage security researchers to hunt down vulnerabilities in its hardware and software. In February 2018, in an effort to increase the power and breadth of the search for issues like Meltdown and Spectre, disclosed in January, they have boosted the bounty for the right kind of discovery to $250,000. While the initial bounty program was only available to invited investigators, the endeavor is now open to the public, with some caveats.

Intel chip and money collage, credit: Wikimedia commons via Swaaye, public domain

“In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data,” the company explains in a statement.

What Are the Potential Vulnerabilities?

Intel developed the first commercial microprocessors in the 70s and is the maker of the processors in most computers, along with the companies ARM Processors and AMD. Central processing units (CPUs) are brain-like chips responsible for quickly interpreting and executing the majority of the commands from a computer's other hardware and software.

In January, various computer researchers came forward with discoveries of serious gaps in the security of CPUs from as far back as 2011. The vulnerabilities are called Meltdown and Spectre and they take advantage of a CPU behavior called “speculative execution;” a predictive technique in which CPUs try to think and plan ahead. It’s intended to boost performance but can also potentially expose sensitive data on computers, tablets, servers and smartphones, such as passwords and personal pictures, to hackers. Each type of vulnerability was independently identified by multiple people and groups, including members of Google Project Zero – a team of security analysts -- and academics ranging from Pennsylvania to Austria.

The two issues affect most modern operating systems including Windows, macOS, iOS, Linux, Android, Chromebooks and others. While it was hoped that most home users would likely be able to prevent any major vulnerabilities at the time by keeping new updates and anti-virus software current on their computers, some fixes from manufacturers and developers have caused slowdowns and other problems. Dell and Lenovo have withdrawn their software security patches due to numerous concerns such as “unpredictable system behavior.” New patches are still being developed and released for various systems. “Our near-term focus is on delivering high-quality mitigations to protect our customers' infrastructure from these exploits,” Intel chief executive Brian Krzanich said.

How Does the Bug Bounty Work?

The Bug Bounty Program is open to people who are at least 18 and who have not worked at Intel in the previous six months. Reports of bugs submitted to the program must meet specific encryption standards, show a brand-new concern and meet other technical requirements. While the main focus is on fresh revelations, Intel does plan to give a $1,500 maximum award for the first external report about “an internally known vulnerability.”

The new search and bounty focus on “side channel vulnerabilities,” or hidden flaws that can expose data to ill-intentioned hackers, such as Spectre and Meltdown. The Bug Bounty in its current form runs through Dec. 31, 2018 and offers rewards up to $250,000. Intel is also raising bounty levels for other types of useful discoveries to $100,000.

Intel’s processors, solid state drives, NUCs (mini personal computers), integrated circuits, chipsets, firmware and software including applications, tools and drivers are all included as potential Bug Bounty discovery targets. Intel plans to release new chips free of the two security gaps this year. Learn more about these now-famous vulnerabilities in the video below, called, “How faster computers gave us Meltdown and Spectre.”

About the Author
  • Julia Travers is a writer, artist and teacher. She frequently covers science, tech and conservation.
You May Also Like
JUL 25, 2018
Technology
JUL 25, 2018
3D Model of The Human Heart Ventricle
In a study published in Nature Biomedical Engineering, scientists of Harvard University, in collaboration between SEAS, Wyss, Boston Children's Hospita...
JUL 25, 2018
Videos
JUL 25, 2018
How Dangerous is a Lightning Strike to an Airplane?
Lightning frequently strikes airplanes as they fly through the clouds thousands of feet above the Earth’s surface, but is there any reason for airpla...
AUG 22, 2018
Neuroscience
AUG 22, 2018
Testing For Cognitive Decline Made Easier
In any form of disease, the sooner a diagnosis is found, the sooner treatment can begin. Finding a health problem early is the best way to increase the cha...
SEP 08, 2018
Technology
SEP 08, 2018
Someday A Cyborg Cockroach Can Save Our Lives
Researchers at the University of Connecticut have developed a tiny neuro-controller that can provide precise control for futuristic biobots. One such biobo...
SEP 08, 2018
Technology
SEP 08, 2018
'Robat' Uses A Bat Like Approach
According to a study published in PLOS Computational Biology, a fully autonomous bat-like terrestrial robot called ‘Robat’ utilizes echolocatio...
SEP 30, 2018
Technology
SEP 30, 2018
Glucose-Powered Biosensors May Detect Disease
Cross-disciplinary scientists at Washington State University created an implantable, biofuel-powered sensor that runs on sugar and can monitor a signals th...
Loading Comments...