The internet of things (IoT) is a hot topic in cybersecurity, as criminals take aim at a rapidly growing threat surface created by millions of new connected devices in homes and out in the field. All too often, the keys to the kingdom sit in the router that connects the outside world to the IP networks that run these devices. NETGEAR, one of the biggest router-makers in the world, is taking steps to combat the problem with the launch of a bug bounty program.
The program has launched for Bugcrowd’s curated community of tens of thousands of skilled cybersecurity researchers.
“As the innovative leader in connecting the world to the internet, NETGEAR must earn and maintain the trust of their users by protecting the privacy and security of their data,” said NETGEAR vice president of information technology Tejas Shah. “Being proactive when it comes to security is fundamental to NETGEAR’s approach. By adding a managed bug bounty program through Bugcrowd, we are adding one more layer to our security program.”
The scope of NETGEAR’s bug bounty program includes NETGEAR’s devices, mobile applications, and exposed APIs. Anything that does not relate directly to a NETGEAR product is out of scope (e.g. marketing websites and support portals, including netgear.com). However, as long as the domain is used directly by a NETGEAR product, it is in scope—for example, https://apistaging.netgear.com is in scope, but https://netgear.com is not.
The potential rewards range from Bugcrowd points to cash payouts of $150 to $15,000 per bug identified. Top dollar goes to flaws leading to privacy and PII compromises, like unauthorized access to NETGEAR cloud storage video files or live video feeds for all customers (both $15,000; unauthorized access to a single customer’s video assets will command $10,000). The company will also pay $10,000 for flaws that allow crooks to retrieve customer payment information, including credit-card numbers and CVVs.
“With the white-hat hacker community in their corner, NETGEAR is cementing their position as the leader in consumer device security,” said Casey Ellis, CEO and founder of Bugcrowd. “We look forward to managing NETGEAR’s program and ensuring they get the best possible results to help them improve their security posture and build even more secure products.”