Samsung Offers Massive Bounties: Security Experts Can Earn Up to $1 Million
To further enhance the security of its Galaxy devices, Samsung has recently launched the new "Important Scenario Vulnerability Program" (ISVP) and announced a maximum bounty of up to $1 million. This program aims to encourage security researchers to actively discover and report potential security vulnerabilities in Galaxy devices, thereby improving overall device security and user privacy protection.
ISVP primarily focuses on the following five important vulnerability scenarios:
- Arbitrary Code Execution: Attackers can execute arbitrary code on the device, enabling them to control the device and steal data.
- Device Unlock: Attackers can bypass the device unlock mechanism to gain control of the device.
- Data Extraction: Attackers can extract sensitive data from the device, such as personal information, bank accounts, etc.
- Arbitrary Application Installation: Attackers can install untrusted applications on the device, enabling them to steal data or perform malicious operations.
- Bypass Device Protection: Attackers can bypass device security mechanisms, such as fingerprint recognition, facial recognition, etc., to gain control of the device.
Samsung offers substantial rewards for vulnerabilities in different scenarios, with a maximum of $1 million. Specific reward amounts are as follows:
Knox Vault
- Local Arbitrary Execution: $300,000
- Remote Code Execution: $1,000,000
TEEGRIS OS
- Local Arbitrary Code Execution: $200,000
- Remote Code Execution: $400,000
Rich OS
- Local Arbitrary Code Execution: $150,000
- Remote Code Execution: $300,000
Device Unlock
- Unlock with Full User Data Extraction: $400,000
- Unlock after First Unlock: $200,000
Application Installation
- Remote Arbitrary Application Installation:
  - Installation from unofficial markets or attacker servers: $100,000
  - Installation from Galaxy Store: $60,000
- Local Arbitrary Installation:
  - Installation from unofficial markets or attacker servers: $50,000
  - Installation from Galaxy Store: $30,000
Samsung stated that since its inception in 2017, the program has accumulated over $4.9 million in vulnerability bounty awards. In 2023, Samsung paid out $827,925 in rewards to 113 security researchers, with the highest payout reaching $120,000.
The launch of Samsung's ISVP demonstrates its commitment to security, while also providing security researchers an opportunity to showcase their skills and earn significant rewards. The successful implementation of this program will contribute to enhancing the security and user experience of Galaxy devices, further solidifying Samsung's security leadership in the mobile device industry.
Samsung aims to establish a close partnership with security researchers through ISVP to jointly build a more secure and reliable mobile ecosystem. With the continued development of ISVP, Samsung is confident that it can better address the increasingly complex cybersecurity threats and provide users with more secure and reliable mobile devices.