Bug Bounty and hacks


#1

I recently grabbed Channels as our home OTA DVR solution on AppleTV. Are there any bounties available? What are the limitations when looking for vulnerabilities in this software? What are the terms of responsible disclosure here?

I am surprised to see so little work (from the community - not devs) to expand the functionality of this product - is this open source? If so, where can I contribute?


#2

Found you on Github (I believe) – https://github.com/fancybits


#3

Hi, thanks for the interest!

We are a small shop- only two devs. Our app and DVR are not open-source, but we contribute back to many open-source projects including FFmpeg.

We don’t have any formal bug bounty programs, and have only performed limited pen testing. If you’d like to poke around, just give us a heads up ([email protected]) before you start. We will do our best to fix any security issues discovered in a prompt manner.


#4

Thanks - sounds good. I will keep things local and reach out before poking around on anything else. Is everything in Swift?

Anything more to your API that is not documented?


#5

Not much Swift around here. We’re still old school.

The public API is fully documented. There’s lots of private APIs that are not documented.