Möwe Vulnerability Disclosure Policy

Last updated: April 2025
At Möwe, we are committed to providing secure and innovative smart home products that enhance the safety, convenience, and lifestyle of our customers. Security is a critical aspect of our mission, and we deeply value the efforts of researchers and individuals who help us maintain and improve the integrity of our systems.
This Vulnerability Disclosure Policy outlines our commitment to work with the security community to investigate, respond to, and resolve security issues in our products and services.

Scope

This policy applies to:
  • Möwe’s public-facing digital assets (e.g., websites, APIs, mobile apps).
  • Smart home and kitchen appliances with IoT connectivity sold under the Möwe brand.
  • Backend systems and services used to manage connected devices.

Reporting a Vulnerability

If you believe you have discovered a vulnerability, we encourage you to report it to us responsibly.
Please include the following in your report:
  • A detailed description of the vulnerability
  • Steps to reproduce the issue
  • Affected product or service (e.g., model number, firmware version)
  • Any supporting evidence (e.g., screenshots, logs, or proof-of-concept)
Send your report to: support@mowesmarthome.com

What You Can Expect from Us

Once a vulnerability is reported:
  • We will acknowledge receipt within 5 business days.
  • We will begin an internal investigation and keep you informed of progress.
  • We aim to resolve and patch valid issues within a reasonable timeframe.
  • If applicable, we will publicly acknowledge your contribution (with your consent).

What You Can Expect from Us

To protect our users and systems, we ask you to:
Avoid exploiting the vulnerability beyond what is necessary to prove its existence. Do not access or modify user data, perform denial of service attacks, or disrupt services. Allow us a reasonable timeframe to fix the issue before public disclosure. Follow all applicable laws and regulations.

Out of Scope

The following types of findings are generally not in scope:
  • Social engineering attacks
  • Physical attacks on hardware
  • Denial of service (DoS/DDoS)
  • Third-party software or services not under Möwe’s control
  • Issues requiring root/jailbroken devices

Legal Safe Harbour

Möwe will not initiate legal action against researchers who:
  • Act in good faith
  • Report vulnerabilities responsibly and follow this policy
  • Do not exploit the vulnerability for personal or third-party gain
Thank you for helping us keep Möwe’s smart home ecosystem safe and secure. Your contribution supports our mission to deliver trusted innovation to every modern home.