Skip to main content

Intel opens bug hunt to all security researchers, offers possible $250K payout

Want to make a quick $250,000? Who doesn’t, right? If you have the know-how to hunt down vulnerabilities in hardware and software, then that high-dollar reward could be within your grasp. Intel is now offering an updated bug bounty program until December 31, 2018, setting that nice little chunk of change as the maximum payout for hunting down “side-channel vulnerabilities.” These vulnerabilities are hidden flaws in typical software and hardware operations that could potentially lead hackers to sensitive data, like the recent Meltdown and Spectre exploits. 

“In support of our recent security-first pledge, we’ve made several updates to our program,” the company says. “We believe these changes will enable us to more broadly engage the security research community and provide better incentives for coordinated response and disclosure that help protect our customers and their data.” 

Recommended Videos

Intel originally launched its Bug Bounty Program in March 2017 as an invitation-only plan for select security researchers. Now the program is open to all in hopes of minimizing another Meltdown-type discovery by using a wider pool of researchers. The company is also raising the reward amounts for all other bounties, some of which offer up to $100,000. 

Please enable Javascript to view this content

Intel’s list of requirements for reporting side-channel vulnerabilities is somewhat short, including the 18-year-old age requirement, a six-month gap between working with Intel and reporting an issue, among other requirements. All reports must be encrypted with the Intel PSIRT public PGP key, they must identify an original undisclosed problem, include CVSS v3 calculation results, and so on. 

Intel wants security researchers to hunt down bugs in its processors, chipsets, solid state drives, stand-alone products like NUCs, networking and communication chipsets, and field-programmable gate array integrated circuits. Intel also lists five types of firmware, and three types of software that fall under its bug bounty umbrella: drivers, applications, and tools. 

Intel will award a Bounty for the first report of a vulnerability with sufficient details to enable reproduction by Intel,” the company states. “Intel will award a Bounty from $500 to $250,000 USD depending on the nature of the vulnerability and quality & content of the report. The first external report received on an internally known vulnerability will receive a maximum of $1,500 USD Award.” 

In January, researchers went public with a vulnerability found in processors dating back to 2011 that allows hackers to access the system memory and grab sensitive data. The attack vector takes advantage of a method processors use to predict the outcome of a process string. Using this predictive technique, processors store sensitive data in the system memory in an unsecured state. 

One method of gaining access to this data is called Meltdown, which requires special software to capture the data. With Spectre, hackers could trick legitimate apps and programs into coughing up the sensitive data. Both methods are theoretical, and currently not actively exploited in the wild, yet Intel seemed somewhat embarrassed over the potential issues. 

“We will continue to evolve the program as needed to make it as effective as possible and to help us fulfill our security-first pledge,” Intel promises. 

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Windows PCs now works with the Quest 3, and I tried it out for myself
i tried windows new mixed reality link with my quest 3 alan truly sits in front of a pc and adjusts virtual screen while wear

Microsoft and Meta teamed up on a new feature that lets me use my Windows PC while wearing a Quest 3 or 3S, and it’s super easy to connect and use. I simply glance at my computer and tap a floating button to use Windows in VR on large displays only I can see.

Meta’s new Quest 3 and 3S are among the best VR headsets for standalone gaming and media consumption. When I want more performance or need to run one of the best Windows apps that aren’t yet available in VR, I can connect to a much more powerful Windows PC.
Setting up Mixed Reality Link
Scanning Microsoft's Mixed Reality Link QR code with a Meta Quest 3 Photo by Tracey Truly / Digital Trends

Read more
How to transfer your books from Goodreads to StoryGraph
Front page of a book on Onyx BOOX Go 10.3 tablet.

Goodreads has been the only game in town for Android and iOS book-tracking for a long time now, and like most monopolies, it has grown old and fat. Acquired by Amazon in 2013, avid book readers have had lots to complain about in recent years, with the service languishing unloved, with no serious updates and an aging interface. It's been due some serious competition for a long time, and lo and behold, some has arrived. StoryGraph is a book-tracking app that offers everything you'll find on Goodreads but with an algorithm that lets you know about what you might love, and adds features any bibliophile will know are essential — like a Did Not Finish list.

Read more
I played Black Myth: Wukong on the new MSI handheld to prove it was possible
Black Myth: Wukong running on the MSI Claw 8 AI+.

I scoffed when MSI put the Claw 8 AI+ in my hands with Black Myth: Wukong selected. I'd spent 80 hours in the game on my full desktop packing an RTX 4090, and I knew just how demanding the game was. It's a pipedream for a handheld gaming PC.

I pressed Continue and loaded up at the Pool of Shattered Jade rest point -- the ideal spot to farm; if you know, you know -- and proceeded to run up to the cocoons spotted around the area, unleash my spirit ability, and run back. Sitting in a dimly-lit New York City bar, I continued the loop a few more times. I'd done plenty of farming in the game before.

Read more