Like most big tech companies, Samsung also has a bug bounty program. Samsung offers significant rewards to those who can find security flaws and vulnerabilities in its software as a part of its Mobile Security Program. The company has now increased the rewards of the bug bounty program to a million dollars.
According to a blog post by Samsung, security researchers – as well as others – can earn rewards if they can find any vulnerabilities related to Arbitrary Code Execution (ACE) on privileged targets. This includes things like unlocking devices, extracting data, installing arbitrary applications or bypassing the device's security.
Samsung has explained that users can earn rewards by finding different types of security flaws in its system. The top $1 million reward can be earned by exploiting Knox Vault and executing code remotely in Samsung's hardware security system.
Samsung Mobile Security rewards
Product/Service | Local ACE Cost | Remote ACE Cost |
Knox Vault | $300,000 | $1,000,000 |
TEEGRIS OS | $200,000 | $400,000 |
Rich OS | $150,000 | $300,000 |
Eligibility criteria
According to Samsung's blog post, the report should showcase a successful attack targeting important scenarios.
To qualify for the Good Report Bonus, the submission must include an exploit that successfully targets one or more of the defined Important Scenarios.
The exploit must be effective on the latest security updates of the latest flagship Galaxy S and Z series devices. It should be executable without requiring elevated privileges. When submitting through the rewards program, include the prefix [ISVP] in your report title to join the program.