On Friday, Meta announced that it's updating its bug bounty program payout guidelines for its Reality Labs hardware products as its focus shifts more towards the metaverse and virtual reality. With the update, Meta explains what fixes result in what reward more clearly, and it specifically mentions that the Ray-Ban Stories glasses are covered by the program too.
According to the updated payout guidelines, the covered devices of this program are Quest 2, Quest, Portal TV, Portal+, Portal Go, Portal Mini, Portal, and Ray-Ban Stories. Different types of exploits are listed next to the maximum bounty you could receive, for example, finding a persistent full secure boot bypass could net you as much as $30,000.
To determine the amount it will award, Meta will take into account factors such as the impact of the exploit, the ease of exploitation, and the quality of the report. Additionally, it will take into consideration any issues you find that could cause physical, safety, or privacy risks while determining the amount to award.
Finding exploits in hardware and reporting them to the parent company can sometimes land you in legal hot water but with Meta’s bug bounty program, the devices it has specified can be investigated for bugs without legal repercussions if you’re doing it to report it to Meta. With the addition of the Ray-Ban Stories to the list and its companion app, Facebook View, Meta said you’ll enjoy safe harbor protections outlined in its terms of service for trying to find bugs in this product.
If finding bugs in Meta products sounds interesting to you, head over the bug bounty program pages to learn how to get started.