Sometimes it pays to be bad, and if you want to be naughty and get paid, you're in luck. Google is offering $100,000 to the first person who is able to remotely hack a Chromebook or Chromebox machine through the Web.
Until March 14, Google's offer stood at $50,000. However, the reward for the "persistent compromise of a Chromebook in guest mode" has since doubled after two Chrome development staffers revealed that no one had submitted a valid entry.
"Since we introduced the $50,000 reward, we haven't had a successful submission," Google's Nathan Parker and Tim Willis wrote on the Google Security Blog. "That said, great research deserves great awards, so we're putting up a standing six-figure sum, available all year round with no quotas and no maximum reward pool."
"Persistence" is a hacker term for a compromise whose effects remain even after a system reboot. In this case, the goal would be to have the compromise achieve persistence in Chrome OS's Guest Mode. This is an important caveat for Google, since unlike a regular session in which a user signs in with a Google account, guest mode offers almost nothing to compromise. Not only are most browser extensions and apps disabled, but guest mode also blocks the retention of browsing histories and cookies.
Finding out whether such a hack exists matters a great deal to Google. If it is possible for a hacker to compromise guest mode with persistence, then it would be a massive failure of Chrome OS security - which is why Google is so insistent on seeing if it's possible before someone with malicious intentions does it first.
This Chromebook bounty is just one part of Google's larger Security Reward Program, which has been around since 2010. It covers not only Chromebooks but also Android-powered gadgets and Chrome's Safe Browsing download protection features - in short, essentially anything that Google has a stake in.
The program has been largely successful thus far, with Google awarding researchers more than $2 million in total last year for their discovery of various security flaws. In fact, one such reward went to a researcher who managed to buy Google.com for a minute.
The program is also a win-win for Google and its customers. If a researcher is successful in compromising the security of a Google product then they get paid while Google gets a chance to fix its product. On the other hand, if no one is successful then Google can proclaim that it employs superior security measures on its products.
Of course, such proclamations come with their own risks. There's the possibility that Google makes such a claim only to have a hacker publicly declare otherwise, or sell the intel to criminals or nation-state intelligence agencies, which only serves to keep Google in the dark about the whole affair.
If you think your hacking skills are up to snuff, then check out Google's Chrome Reward Program.