On Thursday, Netgear launched a bug bounty program offering up to $15,000 in rewards to hackers who find security flaws in its products.
Criminals have taken aim at a rapidly growing threat surface created by millions of new Internet of Things (IoT) devices, so it has become crucial to protect routers, which hold the keys to the kingdom: they connect the outside world to the IP networks that run these connected devices.
To combat this issue, Netgear, one of the biggest networking equipment providers in the world, has launched a bug bounty program focusing on its products, particularly routers, wireless security cameras and mesh Wi-Fi systems.
Bug bounties are cash rewards given by companies or organizations to white hat hackers and researchers who hunt for serious security vulnerabilities in their websites or products and then responsibly disclose them so that a patch can be released.
Bug bounties are designed to encourage security researchers, hackers and enthusiasts to responsibly report the vulnerabilities they discover, rather than selling or exploiting them.
On Thursday, Netgear announced that it has partnered with Bugcrowd to launch the Netgear Responsible Disclosure Program, which can earn researchers cash rewards ranging from $150 to $15,000 for finding and responsibly reporting security vulnerabilities in its hardware, APIs, and mobile apps.
Meanwhile, on the same day, the Federal Trade Commission (FTC) filed a lawsuit against D-Link, another large networking equipment provider, arguing that the company failed to implement necessary security protections in its routers and Internet-connected security cameras, which left "thousands of consumers at risk" of hacking attacks.
If you are a bug bounty hunter, you should read all terms and conditions before shooting your exploits against Netgear products or website.
One of them explicitly states, "You may only exploit, investigate, or target security bugs against your own accounts and/or your own devices. Testing must not violate any law, or disrupt or compromise any data or access data that is not yours; intentional access of customer data other than your own is prohibited."
The company is paying out up to $15,000 for each vulnerability. The highest bounty will be given for flaws that would allow access to the cloud storage video files or live video feeds of all its customers, and for bugs that allow remote access to routers from the Internet, as shown in the chart above.
Other vulnerabilities that qualify for the bounty program include:
- SQL injection bug
- Information disclosure flaw
- Stored cross-site scripting (XSS) vulnerability
- Cross-site request forgery (CSRF) bug
- Open redirect issues
So, what are you waiting for? Go and Grab 'em all!