Meta Will Pay You up to $45,000 to Hack Its VR Headsets - Road to VR

In an effort to harden the information of its hardware products, Meta contiguous announced caller guidelines for its Bug Bounty program, specifying the inclusion of some the Quest Pro headset and Touch Pro controllers, and what the institution volition wage retired for circumstantial bugs uncovered by information researchers.

Like immoderate different tech companies, Meta runs a Bug Bounty programme which encourages hackers information researchers to probe its products for vulnerabilities successful speech for a payout.

Meta has been moving this programme for immoderate clip crossed assorted products, but contiguous the institution added new payout guidelines circumstantial to its VR products, including Quest Pro and the Touch Pro controllers, arsenic good arsenic Quest 2, Quest 1, and galore of the company’s caller non-VR hardware products.

According to the guidelines, Meta is offering up to $45,000 for large exploits connected its hardware products (like distant codification execution connected a headset), and betwixt $500–$3,000 for smaller exploits (like sneaking an app astir the user’s support settings).

The guidelines item however Meta volition measure the assorted classes of exploits and however their severity volition find the payout. The institution says it volition instrumentality a scope of factors into consideration, including findings that could “potentially effect successful carnal wellness and information and privateness risks.”

Photo by Road to VR

One of the astir absorbing additions of included devices successful the programme is surely the Touch Pro controllers. As acold arsenic Meta’s VR headsets go, this is simply a full caller people of device—essentially a small machine susceptible of tracking its ain presumption acknowledgment to 3 on-board cameras. None of the company’s anterior VR headsets person had specified blase controllers, and it volition beryllium absorbing to spot if they unfastened the doorway to immoderate caller information vulnerabilities.

In a blog station recounting the past twelvemonth of the company’s Bug Bounty program, Meta says it paid retired immoderate $2 cardinal to information researchers this year. The institution says it got astir 10,000 reports successful 2022, 750 (7.5%) of which it determined qualified for a payout. That makes the mean bounty outgo for 2022 astir $2,700 per qualifying bug.