After the slew of cyber-attacks that had marred the Chinese smartphone manufacturer OnePlus, the company has now launched its own bug bounty program, named the “OnePlus Security Response Center” (OneSRC). The company invited independent security researchers to participate and be rewarded for finding security vulnerabilities in its systems.
“The global OnePlus Security Response Center will engage academics and security professionals to responsibly discover, disclose and remediate issues that could affect the security of OnePlus’ systems, and will help us proactively counter potential external threats to user security. Security researchers around the world can proactively search for and report OnePlus-related security issues through the new bug bounty program,” OnePlus said in a statement.
According to OnePlus, rewards range from a minimum of US$ 50 to US$ 7,000, based on vulnerability severity and business impact:
Special cases: up to US$ 7,000
Critical: US$ 750 – US$ 1,500
High: US$ 250 – US$ 750
Medium: US$ 100 – US$ 250
Low: US$ 50 – US$ 100
The company also stated that it’s partnering with vulnerability coordination and bug bounty platform HackerOne to check OnePlus’ systems against potential threats.
The latest move comes after OnePlus encountered multiple security breaches this year. Earlier, the security team at OnePlus confirmed a data breach that exposed sensitive details from certain customers’ orders, including their contact numbers, names, and addresses. As per the FAQ page on the OnePlus website, the data breach occurred due to an existing vulnerability on its website. OnePlus stressed that hackers found this loophole and exploited it to obtain the order details of certain customers, but could not obtain confidential payment information or account passwords.
Ahead of that, researchers revealed that a critical security vulnerability in ‘Shot on OnePlus’, the wallpaper application on OnePlus devices, leaked hundreds of users’ email addresses and other information. ‘Shot on OnePlus’ is an application used to access photos uploaded by OnePlus users.
The flaw could expose photo details, including the photo code, author, email address, focal length, photo topic, upload location, and upload time. OnePlus notified users that the issue was fixed and made changes to its API.