The Internet of Things is predicted to be one of the fastest growing technology ecosystems in history. Wink has put itself at the forefront of this space by offering a simple, intuitive platform to control hundreds of connected devices from many of the world’s most trusted brands. Yet we know that if we wish to continue to remain a leader in the Internet of Things space, Wink must also be a brand that people trust. That’s why we value the security research community.
The disclosure of security vulnerabilities by security researchers helps us ensure the security and privacy of our users, and we will give researchers free hardware as long as they continue submitting security issues to us. All we ask is a reasonable amount of time to resolve the issues you submit. In return, we aim to be transparent about how we approach securing our products so that everyone in the area of the Internet of Things, home automation and networked devices can benefit.
*Due to the nature of patching firmware and hardware issues, we may require additional time in some cases. We will make every effort to provide realistic timelines on when we can expect to resolve issues you discover.
If you follow these guidelines when reporting an issue to us we commit to:
Any services hosted by 3rd party providers and services are excluded from scope. These services include:
In the interest of the safety of our users, staff, the Internet at large and you as the security researcher, the following test types are excluded from scope and not eligible for a reward:
Things we do not want to see:
To report a potential security vulnerability or concern, please contact . A Wink Security Incident Response Team member will review and respond to your submission within 48 hours, depending on the severity of the concern. Wink supports encrypted emails via PGP (Wink's public PGP key).
If you believe that Wink data or systems are at risk, please include the following details in your email:
If you believe you have discovered a vulnerability in a Wink product, please include the following details in your email: