Samsung is offering up to $1 million to anyone who can find security flaws in its software

Samsung wants researchers to find bugs for big bucks

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

Samsunghas launched a new bug-hunting bounty program to encourage reports on security vulnerabilities across its range of mobile devices.

Rewards for local arbitrary execution are in the region of $300,000 while remote code execution (RCE) will see a reward of $1,000,000.

The ‘Important Scenario Vulnerability Program (ISVP)’ will have people searching for exploits related to device unlocking, data extraction, and device protection bypass.

Money, money, money

For Samsung’s Rich OS, local code execution flaws will fetch $150,000 and RCEs hitting a maximum payout of $300,000. Reports of successful data extraction on the first unlock will see a reward of $400,000, which drops down to $200,000 if the extraction is achieved after the first unlock.

The maximum rewards require the vulnerability to be persistent and 0-click. Other rewards with a lower payout include remote arbitrary application installation from an unofficial marketplace or attacker server which will see a $100,000 reward, and $60,000 if installed from the Galaxy Store.

To qualify as a successful report, the vulnerabilities must be a buildable exploit that works without privileges consistently on Samsung’s main device models running the latest security update.

Samsung alsorevealedit paid out $827,925 as part of 2023’s bug bounty program, with 113 security researchers participating in the Mobile Security Rewards Program. So far, all of Samsung’s bug bounty programs since 2017 have paid out over $4.9m.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

ViaBleepingComputer

More from TechRadar Pro

Benedict has been writing about security issues for over 7 years, first focusing on geopolitics and international relations while at the University of Buckingham. During this time he studied BA Politics with Journalism, for which he received a second-class honours (upper division),  then continuing his studies at a postgraduate level, achieving a distinction in MA Security, Intelligence and Diplomacy. Upon joining TechRadar Pro as a Staff Writer, Benedict transitioned his focus towards cybersecurity, exploring state-sponsored threat actors, malware, social engineering, and national security. Benedict is also an expert on B2B security products, including firewalls, antivirus, endpoint security, and password management.

Google puts Nvidia on high alert as it showcases Trillium, its rival AI chip, while promising to bring H200 Tensor Core GPUs within days

A new form of macOS malware is being used by devious North Korean hackers

How to delete a character from Character AI