Adrian Johnson
TLDR:
- Samsung is offering up to $1 million in rewards for critical vulnerabilities in its mobile devices
- The focus is on arbitrary code execution on highly privileged targets
Samsung has announced a significant increase in its bug bounty program, offering rewards of up to $1 million for researchers who can demonstrate critical vulnerabilities in its mobile devices. The program specifically targets scenarios such as arbitrary code execution on privileged targets, device unlocking, arbitrary application installation, and bypass of device protection solutions. The highest reward of $1 million is reserved for remote arbitrary code execution vulnerabilities targeting Knox Vault, Samsung’s secure environment for storing sensitive data. Other rewards include up to $400,000 for remote code execution on TEEGRIS OS and up to $300,000 for remote code execution on Rich OS.
To qualify for these rewards, researchers must meet specific criteria, including satisfying the Good Report Bonus requirements and demonstrating a successful attack on important scenarios with a buildable exploit. Samsung’s increased bounties reflect the growing importance of mobile security in the face of sophisticated cyber threats. By incentivizing security researchers to detect vulnerabilities, Samsung aims to protect users’ data and prevent potential attacks. This move aligns with the company’s commitment to mobile security, demonstrated through its ongoing Mobile Security Rewards Program.
Through this initiative, Samsung is not only attracting more security researchers to identify vulnerabilities in its products but also showing its dedication to maintaining high standards of security for mobile devices in an increasingly complex digital world.
