""My moral belief is that this should be accessible to people," Kociemba says. Kociemba submitted his fix to Fulu, but discovered another developer, calling themselves Team Dinosaur, had just submitted a fix slightly before Kociemba did. Still, Fulu paid out the full amount to both, roughly $14,000 apiece. Kociemba was surprised by that, as he thought he had lost the race or that he might have to split the prize money."
""Folks like Cody who are willing to put it out there, make the calculated risk that Google isn't going to sue them, and maybe save some thermostats from the junk heap and keep consumers from having to pay $700 or whatever after installation to get something new," O'Reilly says. "It's been cool to watch." This week, Fulu announced it had paid out its second ever bounty."
Independent developers reverse-engineered device software and submitted fixes to Fulu's bounty program to disable manufacturer DRM and enable third-party parts. Fulu paid full bounties to multiple contributors even when fixes arrived nearly simultaneously, awarding roughly $14,000 each for a thermostat exploit and later for a Molekule air purifier filter NFC bypass. Some contributors published fixes to increase consumer access and reduce waste, while others withheld public disclosure due to fear of legal consequences. The payouts intend to incentivize risky disclosure and support repairability, but legal uncertainty continues to limit public sharing of technical solutions.
Read at WIRED
Unable to calculate read time
Collection
[
|
...
]