Recently, Google released a security bulletin in June and fixed 37 security vulnerabilities in Android system. 360 Security teams has reported 17 of them and gained Google’s public acknowledgement. Until now, 360 has accumulated 506 Android system and Chrome browser vulnerability reports. It is the first security vendor who receives Google’s recognition for breaking through 500 acknowledgements in the world.
In this round of security announcements, there were a total of five 360 security research teams that received acknowledgements. 360 Alpha Team reported 9 vulnerabilities; 360 C0RE Team reported 3 vulnerabilities; 360 Chengdu Security Response Center reported 3 vulnerabilities; 360 IceSword Lab reported 1 vulnerability; 360Beacon Lab reported 1 vulnerability.
Vulnerabilities are heavy weapons and could bring a great risk in cyber world if they were used by criminals. In recent years, through the cooperation with security vendors and independent researchers, Google has encouraged white hat to submit vulnerabilities for their own products in order to provide users with more secure products.
Since Google published the acknowledge announcement in 2015, 360 has made outstanding contributions to enhancing the security of Google’s products and dominated in the field of mobile vulnerabilities for three consecutive years. In 2017, security teams such as 360 Alpha Team, 360IceSword Lab, and 360 C0RE Team has found 227 Google Android vulnerabilities, which was seven times more than Google’s own security team.
360 official Microblog said that “By Promoting fixing the vulnerabilities of the system and basic software, every device in the world is getting more secured.” 360 takes this faith as the top security mission. 360 has created the largest security innovation center in the Asia-Pacific region, focusing on the research of security technology and the establishment of offensive and defensive systems. It has heavily deployed security personnel in the areas of web, systems, mobile, network, hardware, IOT, vehicle networking, cloud computing, and APT defense. 360 IceSword Lab, 360 C0RE Team and 360 Alpha Team, which active on the Google Acknowledgements list, are all the members of the 360 Innovation Center.
360 Alpha Team is committed to build a solid barrier to mobile security. The team has not only made outstanding achievements in vulnerability research, but also has been a regular winner in the international hacking competitions. It is the first team in the world who cracks Nexus6 on Mobile Pwn2Own and Pixel on PwnFest within one year. It cooperated side by side with 360Vulcan team on Pwn2Own and accomplished the first time of hacking Chrome browser in China. It is also the first team who achieves “Grand Slam” of hacker competitions in the world.
Earlier this year, Google officially thanked for 360 Alpha Team and awarded a bonus of $112,500. This is the highest award ever since Google launched the Android Vulnerability Program (ASR) in 2015. The reason of setting this award is due to the submition of Pixel’s vulnerabilities by 360 Alpha Team in August 2017.