Security

At Quooker, the security of our systems is very important to us. Despite our best effort to secure our systems, it is possible that there is still a vulnerability.

If you have found a vulnerability in one of our systems, please let us know so that we can take measures as quickly as possible. We would like to work with you to protect our customers and our systems in the best possible way.

Our systems include, but are not limited to the embedded device, web applications, web pages, Android and iOS apps and IT systems, worldwide.

We ask you:

  • Email your findings to cvd-security@quooker.com. Encrypt your findings with our PGP key, which can be found at the bottom of this page as a download.
  • Mention a name or alias and preferred method of communication (and associated details).
  • Not to abuse the problem by downloading more data than is necessary to demonstrate the leak or by viewing, deleting, or modifying data related to our systems.
  • Do not share the issue with others until it is resolved and erase all confidential information after the vulnerability is closed.
  • Not to use attacks on physical security, social engineering, distributed denial of service, spam or third-party applications.
  • In case of an embedded product, please provide information such as product name and serial number, the firmware or software version, and any relevant additional information.
  • For web-based services, please provide the date and time of testing, URLs, the browser type and version, as well as the input provided to the application.
  • Please provide any details on the tools used to conduct the testing and any relevant test configurations.
  • Please provide a copy if you wrote specific proof-of-concept or exploit code.
  • Please do not publish the vulnerability without our written approval. 

What we promise:

  • We will respond to your report within 3 working days with our assessment of the report and an expected resolution date.
  • We will not take legal action against you regarding the report if you have complied with the above conditions.
  • We will treat your report confidentially and will not share your personal information with third parties without your permission. Unless this is necessary to comply with a legal obligation.
  • Reporting under a pseudonym is possible.
  • We will keep you informed of the progress of solving the problem.
  • We offer a reward for every HIGH or CRITICAL vulnerability that has been resolved and was not yet reported or published.
  • We aim to resolve all issues as quickly as possible and would be happy to be involved in any publication of the issue after it has been resolved.

PGP Public Key

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG C# v1.6.1.0

mQENBGJMSWEBCACNBwwmftxx8hB7CWT+MPhSwQV8KHf+RfnF72lbrOKyWRLdqVG5
VkfZfP/3dtYuCUJb44GT+OufXFiKtXgIhUpK3tsqbQzAUAW0EnpEuWAijWTfMPGM
zV3NHPMPiPG1cpzAmLxTssNGwYrwohO+ABoRIWCnDuDa35L2fZ8uu4UYQ/JnZ8nz
47llmSTt691nXTHuBqLP9rRFwvyATxdsnc9g9C6YoSU/9QrIabPUZqJG4OzD7Jgh
05MJ1FdGz2rLJW3M5uGig7gxd9FO+UsHlGAwfsh1m7BHhxGBVscw9t0uCipanjj6
7e3uflozuXsMaJKOKR4UVI3eYU1VriPUXpzdABEBAAG0GGN2ZC1zZWN1cml0eUBx
dW9va2VyLmNvbYkBHAQQAQIABgUCYkxJYQAKCRCsetQgKOti8ZCqB/9fBIdN+XEY
CrDQ/cxNkd2y6iuJ8UVftAKryYK7C0AE3CXirGaO8q+WpSkuetn3mf75WEyZRTTG
ZKRVQdnIJBo6YRVwkvxrqlsfgu2JNBE/mt6AXARCUajmvjF+PRoy0ktD4WUqArRR
PKdBq5VY1S7cG5Y8Bryt77bSU/z6i5HaVf7g6cLfff5voZPQVMhBvw1BXMAcgd5H
cuvug08sW7YqwablM5iG4G25NqepyT3Ue/n2tHm14z2MFw+usdp0YUPOOxWb7D8Q
TQ8OoYI9PptA3MiyxnrW/z/3XX0udqZ5qE+wf3k30QWxSip6q6xiiQDdTDbku8zy
DmPxl/nWcSG1
=MpZI
-----END PGP PUBLIC KEY BLOCK-----