Samsung is offering up to $1 million to anyone who can find security flaws in its software

An image of a CPU with a bug image superimposed on it.
(Image credit: Shutterstock)

Samsung has launched a new bug-hunting bounty program to encourage reports on security vulnerabilities across its range of mobile devices.

Rewards for local arbitrary execution are in the region of $300,000 while remote code execution (RCE) will see a reward of $1,000,000.

The ‘Important Scenario Vulnerability Program (ISVP)’ will have people searching for exploits related to device unlocking, data extraction, and device protection bypass.

Money, money, money

For Samsung’s Rich OS, local code execution flaws will fetch $150,000 and RCEs hitting a maximum payout of $300,000. Reports of successful data extraction on the first unlock will see a reward of $400,000, which drops down to $200,000 if the extraction is achieved after the first unlock.

The maximum rewards require the vulnerability to be persistent and 0-click. Other rewards with a lower payout include remote arbitrary application installation from an unofficial marketplace or attacker server which will see a $100,000 reward, and $60,000 if installed from the Galaxy Store.

To qualify as a successful report, the vulnerabilities must be a buildable exploit that works without privileges consistently on Samsung’s main device models running the latest security update.

Samsung also revealed it paid out $827,925 as part of 2023’s bug bounty program, with 113 security researchers participating in the Mobile Security Rewards Program. So far, all of Samsung’s bug bounty programs since 2017 have paid out over $4.9m.

Via BleepingComputer

More from TechRadar Pro

TOPICS
Benedict Collins
Staff Writer (Security)

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division), then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Read more
Application Security Testing Concept with Digital Magnifying Glass Scanning Applications to Detect Vulnerabilities - AST - Process of Making Apps Resistant to Security Threats - 3D Illustration
Google bug bounty payments hit nearly $12 million in 2024
A woman at a table using a Windows laptop, opposite sits a man, neither show their face
Microsoft will now pay you even more to find security bugs in Copilot
an image of the Samsung Galaxy S24 Ultra
Samsung pulls curtains on classified operation called Project Infinity, where teams compete relentlessly to improve security on billions of Galaxy phones
Facebook on laptop
Researcher nets major reward for finding Facebook bug able to unlock the gates to its internal systems
Ransomware
Synology patches critical vulnerabilities, urges users to update devices against zero-click attacks
Samsung Galaxy S24 apps screen showing all preloaded apps from Samsung, Google, and Microsoft
Samsung’s latest Care+ upgrade makes AppleCare+ look like bad value
Latest in Pro
Squarespace
Build a website for less with 10% off Squarespace subscriptions
UK Prime Minister Sir Kier Starmer
UK PM says AI should soon replace civil servants
Image depicting hands typing on a keyboard, with phishing hooks holding files, passwords and credit cards.
Microsoft warns about a new phishing campaign impersonating Booking.com
An image of network security icons for a network encircling a digital blue earth.
Why effective cybersecurity is a team effort
Computer Hacked, System Error, Virus, Cyber attack, Malware Concept. Danger Symbol
Meta warns of worrying security flaw hitting open source type software
Hand holding smartphone and scan fingerprint biometric identity for unlock her mobile phone
Biometrics add another layer of security to passwordless authentication
Latest in News
A graphic of the PC Gaming Show
Get ready for a bounty of PC games on June 8, as the PC Gaming show is back
NordicTrack Ultra 1
The new NordicTrack Ultra 1 treadmill looks like it was designed by an architect and costs $15,000
An Nvidia GeForce RTX 5070
Nvidia RTX 5080 stock is so barren that retailers are holding competitions where you can "win" the right to buy one for MSRP
Assassin's Creed Shadows
Ubisoft shareholder accuses publisher of 'misleading investors', plans protest outside Paris HQ
Google Gemini AI logo on a smartphone with Google background
I made an AI version of Bilbo Baggins using Goggle Gemini for free, and shared a pipe with him outside Bag End – here’s what you can now do with Gems
Nicole Kidman wears a blue blouse with her arms crossed.
Netflix might be renewing The Perfect Couple and Beauty in Black for season 2, but I don’t get why when it’s canceled shows with poorer ratings