Android ethical hacker vs. black hat hacker : Why Android security program is more profitable for hackers
Almost all netizens are interested in hacking while some of the younger lot would love to pursue hacking as a career option. While not all may think of black hat hacking as a career option, but exceptions do exist. In this article I am trying to give you reasons why black hat hacking sucks as a career option.
First and foremost you need to understand what is black hat hacking. Black Hat hacker is a hacker who has fallen over to the dark side, pun intended.
A black hat hacker is an individual with extensive computer knowledge whose purpose is to breach or bypass internet security. Black hat hackers are also known as crackers or dark-side hackers. The general view is that, while hackers build things, crackers break things. They are computer security hackers that break into computers and networks or also create computer viruses for profit. The term “black hat” comes from old westerns where the bad guys usually wore black hats and the good guys wore white ones.
White hat hackers also identify security weaknesses; but, instead of performing malicious attacks and theft, they expose the security flaw in such a way as to alert the owner that there is a breach so they can fix it before a black hat hacker can take advantage of it.
Ethical hackers or white hat hackers, by contrast, find bugs, flaws or make programs to find vulnerabilities for greater good. They mostly inform the company about the bug they have discovered to claim bug bounty. And they command respect in the security researchers circle as well as among tech companies.
Black Hat Hackers vs. Google’s Android Programme Ethical Hackers
Now lets consider black hat hacking versus Android’s ethical hacking program. Google Inc. has been running a Vulnerability Rewards Program (VRP) since 2010. Its bug bounty program is open for all and encourages independent security researchers to identify and report vulnerabilities in Google-owned domains, namely Google, YouTube, Blogger and Android. Which means that Google users like you and me with no expertise in hacking can also claim bug bounty if we find something amiss in Google, YouTube, Blogger and Android operating system. Those who are successful in picking out weak spots are rewarded by Google financially, according to a bug bounty program.
Of all the Google products, the Android Security Rewards program has been most successful in enticing ethical hackers to divulge bugs and flaws. As per Google’s reports, it disbursed over half a million dollars last year in payouts to independent security researchers who pointed out bugs within the android system and that is helluva money.
Consider the case of a top researcher, who goes by the Twitter Handle @heisecode. @heisecode earned $75,750 by reporting 26 valid vulnerability reports to Android security team. Similarly, another 15 ethical hackers also made $10,000 or more each. Google has put up a list of successful researchers in the acknowledgements section of the Android security page.
According to Google, it paid out a total of $550,000 to 82 individuals over the year. This averages out to around $6,700 for each individual and an average of $2,200 in reward money for each single report. Now considering you are thinking of joining the black hat hackers band kindly note this fact. Do you know what else earned that much? 117 Million hacked LinkedIn logins that were put up for sale on the dark web last month for 5 Bitcoins ($2300 approx.).
The rates of Credit Card information has now come to $1 per card on the Dark Web underground forums and to make what @heiscode made from Google, you would have to steal 75000 credit cards. While MySpace hacker gave out the data base for as little as $100 to buyers. Another hacker was selling Gmail ids and passwords for $2000 in bitcoins.
Google to pay more bug bounty
In an attempt to encourage more individuals to join the freelance vulnerability testing, Google has announced that it will increase the payouts starting June 1, 2016. All high quality vulnerability reports will now be paid 33% extra. A high quality report is one that includes a proof of concept (POC). Those that include a patch to correct the vulnerability, in addition to the POC, will now earn 50% more.
Those who report a valid kernel exploit, either remote or proximal, will now be paid $30,000 instead of the previous $20,000. The largest payout, one for reporting a valid exploit, or a chain of exploits, leading to a compromise of the Trust Zone or Verified Boot will get a researcher a whopping $50,000, as opposed to the previous 30,000. Luckily, or maybe regretfully for some, not a single exploit for this category was found in the last year.
Many more companies are joining Google in wooing hackers to the Jedi fold. Because white hat hacking usually helps them and reward programs such as the above one are a positive way for companies to ensure quality in their product.
Apart from bringing benefits to the company in the form of higher quality code, the program also encourages computer experts to choose ethical hacking as opposed to unethical adventures. Such generous payouts can motivate a greater number of experts to work in favor of the company, rather than against it.
If you are a hacker, you may note that it pays to shun the dark force and join the Jedi army of ethical hackers!