Samsung’s ‘bug bounty’ program now offering $1 million reward for software vulnerabilities
Samsung is offering rewards of up to $1 million to anyone disclosing and documenting security vulnerabilities with its software. The tech corporation announced on Tuesday that it has paid nearly $5 million through the bug bounty program it launched in 2017.
In 2023, the company reportedly gave a payout of $828,000 to 113 researchers, after they revealed vulnerabilities in Galaxy mobile devices. The highest individual reward exceeded $57,000, which went to TASZK Security Labs. However, the South Korean tech giant has now bumped this reward up to seven figures.
Samsung Mobile Security Bounty Program has been renewed to include a new "Important Scenario Vulnerability Program," offering a maximum bounty of up to $1,000,000.
Samsung is listening to feedback from external researchers and is making changes to reflect their opinions.
For… pic.twitter.com/3EhKfiH06Q
— Dohyun Lee (@l33d0hyun) August 6, 2024
In a post on the Samsung website, mobile product security lead Jasper Park revealed that the researcher with the most reports was Oversecured Inc.
“[TASZK Security Labs’] impressive research helped secure our products against potential remote attacks,” he said. “Although Exynos Baseband related reports became out of scope with our program and his reports involved chains with baseband, resulting in a reduction of the overall reward, it was still TASZK Security Labs who received the highest total payout in 2023.”
He added: “Oversecured is one of our best friends, having submitted numerous valuable reports since their initial report with us back in 2021.”
Park also stated that the mobile app security provider had covered various targets including applications and frameworks, “helping us towards securing diverse targets of and introducing novel types of vulnerabilities in our products.”
How much can you earn from Samsung’s Bug Bounty Program?
According to Bleeping Computer, analysts can receive $300,000 for a remote code execution exploit targeting the Knox Vault hardware security system. Knox Vault is the company’s isolated secure environment for storing sensitive biometric information and cryptographic keys on mobile devices.
A bug bounty reward of up to $400,000 will be given for exploits that unlock devices and extract user data completely. Finding ways to install apps from sources other than the Galaxy Store could earn ethical hackers up to $100,000.
Featured image: Ideogram
The post Samsung’s ‘bug bounty’ program now offering $1 million reward for software vulnerabilities appeared first on ReadWrite.