OnePlus Opens its Bug Bounty Program for all Security Researchers
After the slew of cyber-attacks that had married the Chinese smartphone manufacturer, OnePlus, it has now launched its own bug bounty program named as āOnePlus Security Response Centerā (OneSCR). The company invited independent security researchers to participate and be rewarded for finding security vulnerabilities in the systems.
āThe global OnePlus Security Response Center will engage academics and security professionals to responsibly discover, disclose and remediate issues that could affect the security of OnePlusā systems, and will help us proactively counter potential external threats to user security. Security researchers around the world can proactively search for and report OnePlus-related security issues through the new bug bounty program,ā OnePlus said in a statement.
According to OnePlus, the reward amount ranges from a minimum of US$ 50 to US$ 7000 based on vulnerability severity and business impact.
Special cases: up to US$ 7,000
Critical: US$ 750 ā US$ 1,500
High: US$ 250 ā US$ 750
Medium: US$ 100 ā US$ 250
Low: US$ 50 ā US$ 100
The company also stated that itās partnering with vulnerability coordination and bug bounty platform HackerOne to check OnePlusā systems against potential threats.
The latest move comes after OnePlus encountered multiple security breaches this year. Earlier, the security team at One Plus confirmed a data breach that exposed sensitive details from certain customersā orders which included their contact numbers, names, and addresses. As per the FAQ page on the One Plus website, the data breach occurred due to existing vulnerability on its website. One Plus stressed that hackers found this loophole and exploited it to gain the order details of certain customers while they couldnāt gain confidential payment information and account passwords.
Ahead of that, researchers revealed that a critical security vulnerability in OnePlus deviceās wallpaper application āShot on OnePlusā, leaked hundreds of the userās email address and other information. The āShot on OnePlusā is an application used to access photos uploaded by the OnePlus users.
The flaw could expose the photo details, including photo code, author, email addresses, focal-length, photo topic, uploaded location, and the uploaded time. OnePlus notified the users that the issue was fixed and made changes to its API.
!function(f,b,e,v,n,t,s)
{if(f.fbq)return;n=f.fbq=function(){n.callMethod?
n.callMethod.apply(n,arguments):n.queue.push(arguments)};
if(!f._fbq)f._fbq=n;n.push=n;n.loaded=!0;n.version='2.0';
n.queue=[];t=b.createElement(e);t.async=!0;
t.src=v;s=b.getElementsByTagName(e)[0];
s.parentNode.insertBefore(t,s)}(window, document,'script',
'https://connect.facebook.net/en_US/fbevents.js');
fbq('init', '544638299398912');
fbq('track', 'PageView');
Gloss