Google increases its bug bounty for Fitbit and Nest security flaws

Google has upgraded its Vulnerability Rewards Program (or VRP) with more reward payments for hackers who find bugs in its Nest devices and those from Fitbit which it bought in January 2021 for $2.1 billion.   

The higher payments are coming through an extension to the Android Security Reward Program. In 2021, Google paid $2.9 million for Android bug reports and $3.3 million for Chrome bugs. The updated bug bounty focusses on Google’s hardware. 

This bug bounty focusses on Google’s embedded system firmware and software for hardware including Nest, Fitbit, and its Pixel smartphones that spans security for smart home products and wearables. 

“We encourage researchers to report firmware, system software, and hardware vulnerabilities. Our wide diversity of platforms provides researchers with a smorgasbord of environments to explore,” Google says in a blogpost.    

The company will also pay rewards for Nest and Fitbit bugs that researchers filed with it in 2021. Google says it will double the reward amount for all new eligible reports for the devices if they were in scope. 

Last year Google’s Vulnerability Reward Programs paid $8.7 million to researchers, up from $6.7 million in 2020. It has created the Bug Hunters website to handle bug reports for its website, Android,

Read More: