Huawei has fended off questions about secret backdoors in its smartphone and networking technology for years. Now it’s going to reward hackers for finding them in its Android-based mobile phones and in the process is outdoing Google.
In a bug bounty launch last week, Huawei said it would pay up to $220,000 (€200,000) for demonstrating a “critical” weakness in one of its Android devices. For a “high” severity issue, hackers can earn up to $110,000 (€100,000). Google, meanwhile, offers up to $200,000 and $100,000 for demonstrations of similar attacks on its Pixel phones.
Huawei revealed the program at a private event for some of the world’s top Android hackers at a Munich, Germany, event last week. In giving an example of how they could get the top prize, Huawei told the hackers they would have to obtain remote access to the device without the target having to click anything. A “high” severity hack would see the hacker take over a phone when they had direct access to the phone.
Huawei is, in one way, following Apple’s lead in keeping the bug bounty as invite-only. Forbes 30 Under 30 alum, Maria Markstedter, was one of those invited. She revealed on Twitter that researchers who were invited would also be given tokens to welcome other benevolent hackers into the fold.
The bug bounty was initially reported by TechCrunch earlier this month, but no details on payments or logistics were revealed. According to one hacker present, French researcher Robert Baptiste, Huawei isn’t opening up its own HarmonyOS as it is for Android. (Huawei hadn’t responded to a request for comment at the time of publication.)
“The payouts are interesting, they are aligned with the Apple bug bounty,” he said. Apple recently increased its prizes, however, offering up to $1 million for complete remote control of an iPhone with zero clicks. “So I’ll give it a look but I’m not excited, just interested.”
Whilst the bug bounties are common amongst major smartphone makers – Apple and Google are behind two of the biggest – Huawei could have another reason to open up its devices. Letting some of the world’s smartest hackers uncover security vulnerabilities could provide proof that it isn’t hiding any backdoors in its most popular phones that the Chinese government could leverage.