FEB 15, 2018 01:06 PM PST

You Can Earn $250K Hunting Intel Computer Bugs

WRITTEN BY: Julia Travers

Technology company Intel has been running a Bug Bounty Program since March 2017 to encourage security researchers to hunt down vulnerabilities in its hardware and software. In February 2018, in an effort to increase the power and breadth of the search for issues like Meltdown and Spectre, disclosed in January, they have boosted the bounty for the right kind of discovery to $250,000. While the initial bounty program was only available to invited investigators, the endeavor is now open to the public, with some caveats.

Intel chip and money collage, credit: Wikimedia commons via Swaaye, public domain

“In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data,” the company explains in a statement.

What Are the Potential Vulnerabilities?

Intel developed the first commercial microprocessors in the 70s and is the maker of the processors in most computers, along with the companies ARM Processors and AMD. Central processing units (CPUs) are brain-like chips responsible for quickly interpreting and executing the majority of the commands from a computer's other hardware and software.

In January, various computer researchers came forward with discoveries of serious gaps in the security of CPUs from as far back as 2011. The vulnerabilities are called Meltdown and Spectre and they take advantage of a CPU behavior called “speculative execution;” a predictive technique in which CPUs try to think and plan ahead. It’s intended to boost performance but can also potentially expose sensitive data on computers, tablets, servers and smartphones, such as passwords and personal pictures, to hackers. Each type of vulnerability was independently identified by multiple people and groups, including members of Google Project Zero – a team of security analysts -- and academics ranging from Pennsylvania to Austria.

The two issues affect most modern operating systems including Windows, macOS, iOS, Linux, Android, Chromebooks and others. While it was hoped that most home users would likely be able to prevent any major vulnerabilities at the time by keeping new updates and anti-virus software current on their computers, some fixes from manufacturers and developers have caused slowdowns and other problems. Dell and Lenovo have withdrawn their software security patches due to numerous concerns such as “unpredictable system behavior.” New patches are still being developed and released for various systems. “Our near-term focus is on delivering high-quality mitigations to protect our customers' infrastructure from these exploits,” Intel chief executive Brian Krzanich said.

How Does the Bug Bounty Work?

The Bug Bounty Program is open to people who are at least 18 and who have not worked at Intel in the previous six months. Reports of bugs submitted to the program must meet specific encryption standards, show a brand-new concern and meet other technical requirements. While the main focus is on fresh revelations, Intel does plan to give a $1,500 maximum award for the first external report about “an internally known vulnerability.”

The new search and bounty focus on “side channel vulnerabilities,” or hidden flaws that can expose data to ill-intentioned hackers, such as Spectre and Meltdown. The Bug Bounty in its current form runs through Dec. 31, 2018 and offers rewards up to $250,000. Intel is also raising bounty levels for other types of useful discoveries to $100,000.

Intel’s processors, solid state drives, NUCs (mini personal computers), integrated circuits, chipsets, firmware and software including applications, tools and drivers are all included as potential Bug Bounty discovery targets. Intel plans to release new chips free of the two security gaps this year. Learn more about these now-famous vulnerabilities in the video below, called, “How faster computers gave us Meltdown and Spectre.”

About the Author
  • Julia Travers is a writer, artist and teacher. She frequently covers science, tech and conservation.
You May Also Like
OCT 08, 2018
Videos
OCT 08, 2018
What Is Brain Hacking and What Can We Do With It?
What exactly is “brain hacking?” Well, it sounds nefarious, but it’s actually about connecting the brain to external devices and monitors...
OCT 16, 2018
Cardiology
OCT 16, 2018
Robots, Good For The Heart
The surgeons of today need to rethink their relationship with robots. This is because the field of surgery is rapidly advancing through the development of...
NOV 20, 2018
Space & Astronomy
NOV 20, 2018
NASA Will Live-Stream the Martian InSight Landing on Monday
If you’ve been paying any attention to NASA lately, then you’ve undoubtedly heard a lot about the space agency’s InSight mission, which i...
NOV 25, 2018
Technology
NOV 25, 2018
Designing Leaping Robots Inspired from Jumping Aquatic Animals
Curious about the physical conditions that enable aquatic animals to leap out of water in such a graceful manner—researchers at Cornell University we...
DEC 01, 2018
Cell & Molecular Biology
DEC 01, 2018
Illuminating the Role of Membraneless Organelles
Princeton researchers created new tools to study liquid phase separation inside of cells, and how it influences cell behavior....
DEC 03, 2018
Health & Medicine
DEC 03, 2018
Hierarchical control representation in the brain, a key to creativity
Multivariate cortical surface activity (electroencephalogram, EEG) decoding paradigms have been used to investigate the hierarchical representation of action plans....
Loading Comments...