Meta (Facebook) will pay you $30,000 to find security vulnerabilities in Quest headsets

Source: Nick Sutrich / Android Central

Facebook parent Meta on December 10 introduced new updates to its bug bounty program, expanding it to Reality Labs products — including Meta Quest 2 and Meta Portal. Announcing the new updates in a blog post, Meta noted that it is important to know what the “next generation of security threats will look like” for augmented and virtual reality technologies.

Researchers who discover potential vulnerabilities in Meta’s Ray-Ban Stories smart glasses will also be eligible to receive a bounty award. Additionally, researchers who submit vulnerabilities in the smart glasses and Facebook View app will get safe harbor protections.

The company says the move is aimed at providing “more transparency into the bounty award process” for its hardware devices. The payout amount to researchers will be based on the maximum possible security impact of the bug submitted by them.

While a bug that allows unauthorized mic access on Quest would yield a bounty award of $5,000, researchers can earn up to $30,000 for a persistent full secure boot bypass of its best VR headset. The tech giant will also consider a bug’s potential health, safety, and privacy risks when determining the final bounty payout.

Meta’s bug bounty program is one of the longest-running programs of its kind in the industry. Last year, the company paid nearly $2 million in bounty awards to security researchers from over 107 countries. It has also awarded additional funding to eight recipients to research security topics such as multi-factor authentication in AR and hardware trojan detection using machine learning and imaging.