Qualcomm was left red-faced back in August at the DEF CON hacking conference when four vulnerabilities in the company's chipsets, collectively named "Quadrooter," were revealed. They allow complete access to any gadget running the vulnerable chips, which turns out to be around 900 million Android devices.
Qualcomm wants to avoid exploits of this scale ever happening in its products again, and so the company is launching a bug bounty program. In return for discovering and reporting security bugs, Qualcomm is offering up to $15,000 per bug as a reward.
The bug bounty program was created in collaboration with HackerOne, which touts itself as "the first vulnerability coordination and bug bounty platform." HackerOne was formed by security professionals from Facebook, Microsoft, and Google.
Qualcomm is running a closed program where it invites security researchers to take part. Initially, researchers who have already contributed to the security of Qualcomm's products will be able to sign up, but more researchers will regularly be invited to join.
A list of the chipset families Qualcomm wants security researchers to review is available; it includes the following products:
Rewards are offered for finding vulnerabilities in the following areas:
The rewards range from under $1,000 right up to the $15,000 maximum. To be eligible for $15K, Qualcomm needs to see a critical cellular modem vulnerability. A full list of payouts for the different types of vulnerability can be seen on the Qualcomm HackerOne bug bounty program page.