FEB 15, 2018 1:06 PM PST

You Can Earn $250K Hunting Intel Computer Bugs

WRITTEN BY: Julia Travers

Technology company Intel has been running a Bug Bounty Program since March 2017 to encourage security researchers to hunt down vulnerabilities in its hardware and software. In February 2018, in an effort to increase the power and breadth of the search for issues like Meltdown and Spectre, disclosed in January, they have boosted the bounty for the right kind of discovery to $250,000. While the initial bounty program was only available to invited investigators, the endeavor is now open to the public, with some caveats.

Intel chip and money collage, credit: Wikimedia commons via Swaaye, public domain

“In support of our recent security-first pledge, we’ve made several updates to our program. We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data,” the company explains in a statement.

What Are the Potential Vulnerabilities?

Intel developed the first commercial microprocessors in the 70s and is the maker of the processors in most computers, along with the companies ARM Processors and AMD. Central processing units (CPUs) are brain-like chips responsible for quickly interpreting and executing the majority of the commands from a computer's other hardware and software.

In January, various computer researchers came forward with discoveries of serious gaps in the security of CPUs from as far back as 2011. The vulnerabilities are called Meltdown and Spectre and they take advantage of a CPU behavior called “speculative execution;” a predictive technique in which CPUs try to think and plan ahead. It’s intended to boost performance but can also potentially expose sensitive data on computers, tablets, servers and smartphones, such as passwords and personal pictures, to hackers. Each type of vulnerability was independently identified by multiple people and groups, including members of Google Project Zero – a team of security analysts -- and academics ranging from Pennsylvania to Austria.

The two issues affect most modern operating systems including Windows, macOS, iOS, Linux, Android, Chromebooks and others. While it was hoped that most home users would likely be able to prevent any major vulnerabilities at the time by keeping new updates and anti-virus software current on their computers, some fixes from manufacturers and developers have caused slowdowns and other problems. Dell and Lenovo have withdrawn their software security patches due to numerous concerns such as “unpredictable system behavior.” New patches are still being developed and released for various systems. “Our near-term focus is on delivering high-quality mitigations to protect our customers' infrastructure from these exploits,” Intel chief executive Brian Krzanich said.

How Does the Bug Bounty Work?

The Bug Bounty Program is open to people who are at least 18 and who have not worked at Intel in the previous six months. Reports of bugs submitted to the program must meet specific encryption standards, show a brand-new concern and meet other technical requirements. While the main focus is on fresh revelations, Intel does plan to give a $1,500 maximum award for the first external report about “an internally known vulnerability.”

The new search and bounty focus on “side channel vulnerabilities,” or hidden flaws that can expose data to ill-intentioned hackers, such as Spectre and Meltdown. The Bug Bounty in its current form runs through Dec. 31, 2018 and offers rewards up to $250,000. Intel is also raising bounty levels for other types of useful discoveries to $100,000.

Intel’s processors, solid state drives, NUCs (mini personal computers), integrated circuits, chipsets, firmware and software including applications, tools and drivers are all included as potential Bug Bounty discovery targets. Intel plans to release new chips free of the two security gaps this year. Learn more about these now-famous vulnerabilities in the video below, called, “How faster computers gave us Meltdown and Spectre.”

About the Author
  • Julia Travers is a writer, artist and teacher. She frequently covers science, tech, conservation and the arts. She enjoys solutions journalism. Find more of her work at jtravers.journoportfolio.com.
You May Also Like
JUL 01, 2020
Technology
Computerize Your Dog
JUL 01, 2020
Computerize Your Dog
Scientists at CAMERA, a research institute at the University of Bath, can make it possible to computerize your dog using ...
JUL 17, 2020
Technology
How Digital Data Can Determine Your Behavior
JUL 17, 2020
How Digital Data Can Determine Your Behavior
Digital data is the product of our technological uses. Simply opening your smartphone and googling something personal ca ...
AUG 20, 2020
Technology
How Routing Apps Can Fix The Traffic Problem?
AUG 20, 2020
How Routing Apps Can Fix The Traffic Problem?
  Routing apps, such as Google Maps, are always on the go to capture detailed information that could help pin emiss ...
AUG 23, 2020
Technology
Cyborg Technology Could Advance Diagnostics
AUG 23, 2020
Cyborg Technology Could Advance Diagnostics
Although it’s true, "cyborgs" are technically science fiction being the fact that they are part human an ...
AUG 28, 2020
Chemistry & Physics
Interacting Time Crystals and the Future of Time Keeping
AUG 28, 2020
Interacting Time Crystals and the Future of Time Keeping
Time crystals, also known as the space-time crystals, is a newly discovered state of matter that demonstrates distinct s ...
SEP 14, 2020
Technology
Can Virtual Reality Address The Opioid Epidemic?
SEP 14, 2020
Can Virtual Reality Address The Opioid Epidemic?
The current COVID-19 pandemic has overshadowed another public health challenge in the United States—and that ...
Loading Comments...