Qualcomm Bug Bounty Offers Up To £12,000 For Snapdragon Flaws

Roland Moore-Colyer,
Qualcomm Stand MWC 2016

Qualcomm is offering up to $15,000, approximately £12,000, to people who spot bugs in its modems and processors.

Qualcomm is offering up to $15,000, (£12,000), to people who spot bugs in its modems and processors.

The company, best-known for its mobile processors, has opened its Vulnerability Rewards Program, effectively a bug bounty scheme aimed at hunting down flaws its Snapdragon branded products.

The rewards for spotting bugs range from $1,000 (£800) for a low security rating flaw, moving up to $5,000 (£4,000) for high security risk flaws in modems and software bootloaders, and topping out at the full $15,000 if a critical bug is found in one of Qualcomm’s cellular modems.

Bug squashing

hpThe Vulnerability Rewards Program is pertinent given the reach of Qualcomm in both the consumer and business world.

A large amount the devices used in the LTE market use Qualcomm’s technology and multiple current-generation smartphones, such as Google’s Pixel XL flagship handset and mobiles from Samsung, LG, Motorola, HTC and Asus.

One of the more recent bugs discovered in Qualcomm’s chipsets was found to have the potential to affect 900 million Android devices, so squashing the bugs before they can have an impact is certainly an important undertaking.  

“We recognise that conducting security research often requires investing a large amount of time and skill in order to make an impact,” Qualcomm said.

“We are lucky enough to work with a top-notch community and have had good experiences in the past when working with security researchers. We definitely appreciate the hard work and effort that external security researchers have put into researching and improving security within the mobile ecosystem.

“At the current stage, the participation of this program is invitation-only. We are inviting security researchers who have made contributions to improve the security of our products in the past. We will gradually invite more security researchers into the program.”

Qualcomm has already been fairly active working with other companies to dig vulnerabilities in its mobile chips.

Are you a security pro? Try our quiz!