Skip to content

Magazine Home

HOLE ON THE SHIELD

DISCOVERY IS REWARDED

Many of you have probably heard of the so-called “Security Reward Program”.

But what exactly does this mean in practice?

We can now demonstrate this with a very recent example, as Róbert Török, SKOH Assembly Technician, discovered a security vulnerability that was rewarded by the Security Team.

“The long and short of it is that I noticed that I could pair my company laptop with my android phone via Bluetooth.” – began Róbert Török.

“From then on, I could send photos from my company laptop to my phone. Normally we don’t use the Bluetooth function on the laptop, but for some reason it was turned on. It just occurred to me that I was using the Bluetooth function on my smartphone anyway because of my smartwatch, where the laptop appeared in the pairing. As I was able to pair it, I then thought to report this immediately to the security team, who checked with me that the photo and file transfer would indeed be feasible, so they took immediate action.” – said Róbert Török Assembly Technician.

“I immediately reported the vulnerability to my manager, who immediately contacted the factory manager and IT Security colleagues to find a solution to the vulnerability Robi had just outlined.” – explained Árpád Rácz, Security Manager.

“It is important to point out, however, that iOS phones did not allow the pairing that has been revealed, while Android phones did. IT Security was designed to solve these problems. However, we would like to express our gratitude to Robi for discovering such a critical vulnerability and for reporting it to us immediately. I believe this is an excellent reflection of both employee loyalty and what the Security Reward Program should be all about.” – emphasised Árpád Rácz, who thanked Róbert Török for his help with a voucher under the Security Reward Programme.

“Of course, I’m happy with the honour, but this is just icing on the cake. I’ve been with SK On Hungary for quite a long time, 3 years now, so it probably goes without saying how much the community and the company means to me. It never crossed my mind not to report such a security breach immediately, as I believe I have contributed to making the place where we all work a little bit better.” – said Róbert Török.

“Unfortunately, we find that some employees misunderstand what exactly the Security Reward Program means. It’s not about colleagues reporting each other when one doesn’t lock their laptops and so on, but exactly what Robi noticed and reported to us.” – emphasized Árpád Rácz Security Manager.