News

Bug Bounties Aren’t Just for Software

April 16, 2016 by Alex Udanis

Here are 5 companies you wouldn't expect to offer bounty programs towards hardware and software bugs.

Bug bounties have been a popular topic in the software industry.

Nearly all of the major tech companies offer bug bounties; there's Facebook, Google, Yahoo, Samsung, and Mozilla, just to name a few. These bounties will often range from a ‘Thank you’, to Swag, to thousands of dollars. Bug bounty programs aren't just limited to software companies; many companies that make hardware have followed suit. Here is a list of 5 companies that offer a bounty program towards hardware and software bugs! Keep in mind that most of these programs only reward bugs related to safety and security.

 

Tesla

Tesla Model S - Find a security flaw, get a reward! Source: Telsa

 

Tesla is compared to a startup software company more often than a car company, so it shouldn't be surprising that they offer a bug bounty program. Tesla’s bug bounty program covers “hardware products that you own or are authorized to test against (Vehicle, PowerWall, etc.)” in addition to apps, software, and websites. According to BugCrowd, Tesla has given awards for 108 vulnerabilities ranging in value from $100 to $10,000. Think you have what it takes to crack a Tesla? Head over to BugCrowd for more details and the fine print!

 

AT&T & DirecTV

The Direct TV Genie - Find a security flaw, get a reward! Source: DirecTV

 

AT&T has offered a bug bounty program for quite some time. With their recent acquisition of DirecTV, AT&T is now offering bug bounties for their new subsidiary as well! AT&T is offering rewards up to $5000 for critical security issues. For all of the terms and conditions, head over to AT&T’s bug bounty website.

 

Samsung

Samsung Smart TV - Find a security flaw, get a reward! Source: Samsung

 

Smart TVs often pack in many extra features like microphones and even cameras in some cases. Samsung offers a bug bounty program from their smart TVs. They offer $1000 or more for critical bugs. For all the legal information and rules about their program, head over to their dedicated website for their smart TV bug bounty program.

 

Blackphone - Secure Smartphone

The Blackphone! Find a security flaw and get a reward! Source: Silent Circle 

 

The Blackphone is a high-security smartphone made by Silent Circle. The Blackphone gains its security with a special android ROM. Silent Circle offers a bounty program for both the software and hardware involved with the Blackphone. Silent Circle will pay a reward of $128, but that varies with the bug. For all the terms and conditions involved with the Blackphone bounty program, head over to the Bugcrowd Page

 

Ubiquiti - Network Equipment

Ubiquiti airMAX Bridge - Find a security flaw, get a reward! Source: Ubiquiti

 

Ubiquiti is a large manufacturer of network equipment and related devices. Ubiquiti offers a bug bounty program for their web applications, and they also offer a bounty program for their network equipment. In particular, this program pertains to their airMAX, UniFi, EdgeMAX, airVision, and airFiber embedded devices. Ubiquiti will pay from $100 to $25,000 for security bugs. According to hackerone.com, Ubiquiti has given out 138 rewards. For more information regarding this bug bounty program, head over to HackerOne.

 

Bounty Program Resources

Bounty programs are a big deal with hundreds of companies offering them! Two great websites that facilitate bounty programs are Bugcrowd and HackerOne. Do you think we missed any great hardware bug bounties? Let us know in the comments below!