Connect with us

Tech News

Samsung Announced Bug Bounty Program For Galaxy Devices

Published

on

Latest Hacking News

Security researchers now have another lucrative opportunity to win hefty payouts for their bug findings. Samsung has announced a separate bug bounty program for its flagship mobile phones, which typically focuses on ‘Important Scenarios’ for Galaxy devices.

New Bug Bounty Program Focuses On ‘Important Scenarios’ For Samsung Galaxy Devices

As announced recently, Samsung has launched a new reward program named the ‘Important Scenario Vulnerability Program.’

As the name suggests, this bug bounty program is separate from the existing reward program for mobile devices. It typically focuses on specific scenarios that Samsung deems important for its Galaxy devices.

Specifically, Samsung listed three important features for its Galaxy devices in its post. Any severe security vulnerabilities impacting these three aspects would make the researcher eligible to participate in this program. These include,

  • Knox Vault: A hardware-based secure vault in Samsung devices that allows users to safely store sensitive information, such as passwords, biometric data and crypto keys. This dedicated security chip protects the stored data from threats like side-channel attacks, tampering, probing, and fault injection attacks.
  • TEEGRIS OS: A system-wide security solution that executes applications in the TrustZone-based trusted execution environment.
  • Rich OS: The primary operating system on Samsung devices, powered by Samsung’s Knox Vault, where user apps are installed.

Samsung has set the highest bug bounties (listed below) based on the type of arbitrary code execution vulnerability (local or remote) affecting these three components.

Target Local ACE Remote ACE
Knox Vault ~ $ 300,000 ~ $ 1,000,000
TEEGRIS OS ~ $ 200,000 ~ $ 400,000
Rich OS ~ $ 150,000 ~ $ 300,000

Regarding the eligibility factors, Samsung explained that good reports with buildable exploits against the mentioned Important Scenarios are eligible. In addition, the exploits should work against the latest flagship Galaxy Z and Galaxy S series device security updates and execute without privileges.

Samsung also announced other scenarios where the researchers could earn lucrative bug bounties. These include,

  • Device Unlock & Full User Data Extraction: $200,000 to $400,000
  • Arbitrary application installation from Galaxy Store: $30,000 to $60,000
  • Other arbitrary app installation: $50,000 to $100,000
  • Auto Blocker bypass: $100,000

Let us know your thoughts in the comments.

See also  Meta to Dissolve App Lab Next Month, Putting More Steam Behind Early Access Program

Trending