Facebook’s parent company Meta is updating its bug bounty program to add hardware products from its metaverse division Reality Labs, including its Quest 2, Portal and Ray-Ban Stories smart glasses, the company announced on Friday. The work will play an important role in its “journey to help build the metaverse,” according to a press release.
The press release emphasized that verified bug submissions for Ray-Ban Stories are eligible for awards, which the company hopes will incentivize more researchers to “review the glasses and our other hardware devices.” The minimum reward for discovering a bug is $500, and amounts increase based on the device and the potential impact of the bug discovered. The largest payment listed is $30,000, but it could be increased further at the company’s discretion for bugs that could potentially result in risks to health, safety, or privacy.
Meta offered a list of hypothetical bugs and what the payments might look like:
An issue that would allow a malicious third-party application to inject content that is then consumed by a source application, such as images in a slideshow or audio in a call, would receive a payment of ~$1,000 in the section “Problems caused by malicious third-party applications.”
A third-party application that gains access to the microphone without requesting it on a Quest device would receive a payment of $5,000 in “Unauthorized Microphone Access by Third-Party Application.”
A third-party application on Quest that can crash or disable Guardian would receive a payment of $3,000 in “DoS.”
Remote code execution via a buffer overflow in Quest’s voice chat library that gains execution in a privileged first-party app would receive a payment of $16,000.
The company first established its bug bounty program in 2011 and says it has been instrumental in helping it find and fix bugs, with nearly $2 million in prizes paid to security researchers in the past year alone, according to a blog post from the company’s director of safety engineering, Dan Gurfinkel.
The full list of payments and guidelines can be found here.