OnePlus is offering Rs. 5 lakh for hacking its phones
OnePlus is striving hard to protect its customers and their data. The Chinese company, which suffered from a serious data breach last month, has launched a global bug bounty program inviting security researchers to discover/report potential security threats in its products and systems. In return, the eligible entries will be rewarded with cash rewards up to Rs. 5 lakh. Here's all about it.
New OnePlus Security Response Center
As promised after last month's breach, OnePlus has set up a Security Response Center, which is a dedicated platform allowing security researchers to report issues, from bugs to data leaks, in OnePlus's offerings as well as their exploits. The program covers OnePlus's mobile OS, website, forums, applications, server, and system and is open to academicians and security experts from all backgrounds and levels.
Cash payout maxes out at $7,000/exploit
On a webpage detailing the program, OnePlus says that you will be eligible to receive a cash reward ranging between $50 and $7,000, depending on the severity of the vulnerability flagged by you and its impact on the company's business. The maximum $7,000 reward has been described for 'special cases'. However, the criteria for this (and other tiers) have not been detailed by OnePlus.
Top reporters will be highlighted on OnePlus's leaderboard
Along with accepting issues across a wide range of platforms, OnePlus will also maintain a leaderboard of bug reporters. The top three contributors of the month will be featured in the 'Hall of Fame' section of the bug bounty program's main page. You can check full details of the bug bounty program here (https://bit.ly/2QcmsWI) and submit a report here (https://security.oneplus.com/add.html).
OnePlus is also partnering with HackerOne
Among other things, OnePlus has also partnered with cybersecurity company HackerOne. The goal is to leverage the platform's extensive network of security experts to proactively flag and address the most relevant security issues before they are exploited by an external threat actor. Initially, the companies will run a pilot to flag potential threats in OnePlus's system, with a public version launching later in 2020.
