Old 02-10-2015, 18:13   #11
litocat
Senior Member
 
Joined: May 2008
Posts: 1499
Quote:
Originally posted by bobafetthotmail
http://readwrite.com/2015/03/05/blac...mwc-spin-hacks
They hacked a phone with out-of-date firmware.

BlackPhone reacted positively by starting a program where they pay whoever finds bugs for them.

And it seems they release the complete sources. Good story.

Sawyer essentially attacked an old, outdated version of the software. Even so, the incident and publicity could have humiliated Blackphone right out of the market. It didn't. Instead, the company is milking it.

The team thanked Sawyer for the discovery and sent him a bottle of wine. Then it enlisted others to scope out any other vulnerabilities.

According to Vic Hyder, Silent Circle’s chief strategy officer, Blackphone recently launched a bug bounty program to reward people for finding security glitches—from $128 to more, depending on the severity. (Bounties are fairly common in the tech industry; even big companies like Facebook, Google and Microsoft offer rewards to bug hunters.)

“[It] makes them part of the solution, instead of part of the problem,” Hyder said. "It brings everybody in as a participant.” Even Sawyer, now a friend of Blackphone, helps out by looking for other vulnerabilities. The company publishes all of its source code, to help make it easier for people to find holes.

So far, Hyder estimates that the company has paid out about $15,000 to $20,000 in bounties.
Ok, I had missed this news.