Home Samsung’s ‘bug bounty’ program now offering $1 million reward for software vulnerabilities

Samsung’s ‘bug bounty’ program now offering $1 million reward for software vulnerabilities

tl;dr

  • Samsung offers up to $1 million for disclosed security vulnerabilities in its software, with nearly $5 million paid since 2017.
  • In 2023, Samsung rewarded 113 researchers with $828,000 for discovering vulnerabilities in Galaxy devices.
  • The highest individual reward in 2023 exceeded $57,000, and Samsung's top researcher was Oversecured Inc.

Samsung is offering rewards of up to $1 million to anyone disclosing and documenting security vulnerabilities with its software. The tech corporation announced on Tuesday that it has paid nearly $5 million through the bug bounty program it launched in 2017.

In 2023, the company reportedly gave a payout of $828,000 to 113 researchers, after they revealed vulnerabilities in Galaxy mobile devices. The highest individual reward exceeded $57,000, which went to TASZK Security Labs. However, the South Korean tech giant has now bumped this reward up to seven figures.

In a post on the Samsung website, mobile product security lead Jasper Park revealed that the researcher with the most reports was Oversecured Inc.

“[TASZK Security Labs’] impressive research helped secure our products against potential remote attacks,” he said. “Although Exynos Baseband related reports became out of scope with our program and his reports involved chains with baseband, resulting in a reduction of the overall reward, it was still TASZK Security Labs who received the highest total payout in 2023.”

He added: “Oversecured is one of our best friends, having submitted numerous valuable reports since their initial report with us back in 2021.”

Park also stated that the mobile app security provider had covered various targets including applications and frameworks, “helping us towards securing diverse targets of and introducing novel types of vulnerabilities in our products.”

How much can you earn from Samsung’s Bug Bounty Program?

According to Bleeping Computer, analysts can receive $300,000 for a remote code execution exploit targeting the Knox Vault hardware security system. Knox Vault is the company’s isolated secure environment for storing sensitive biometric information and cryptographic keys on mobile devices.

A bug bounty reward of up to $400,000 will be given for exploits that unlock devices and extract user data completely. Finding ways to install apps from sources other than the Galaxy Store could earn ethical hackers up to $100,000.

Featured image: Ideogram

About ReadWrite’s Editorial Process

The ReadWrite Editorial policy involves closely monitoring the tech industry for major developments, new product launches, AI breakthroughs, video game releases and other newsworthy events. Editors assign relevant stories to staff writers or freelance contributors with expertise in each particular topic area. Before publication, articles go through a rigorous round of editing for accuracy, clarity, and to ensure adherence to ReadWrite's style guidelines.

Suswati Basu
Tech journalist

Suswati Basu is a multilingual, award-winning editor and the founder of the intersectional literature channel, How To Be Books. She was shortlisted for the Guardian Mary Stott Prize and longlisted for the Guardian International Development Journalism Award. With 18 years of experience in the media industry, Suswati has held significant roles such as head of audience and deputy editor for NationalWorld news, digital editor for Channel 4 News and ITV News. She has also contributed to the Guardian and received training at the BBC As an audience, trends, and SEO specialist, she has participated in panel events alongside Google. Her…

Get the biggest tech headlines of the day delivered to your inbox

    By signing up, you agree to our Terms and Privacy Policy. Unsubscribe anytime.

    Tech News

    Explore the latest in tech with our Tech News. We cut through the noise for concise, relevant updates, keeping you informed about the rapidly evolving tech landscape with curated content that separates signal from noise.

    In-Depth Tech Stories

    Explore tech impact in In-Depth Stories. Narrative data journalism offers comprehensive analyses, revealing stories behind data. Understand industry trends for a deeper perspective on tech's intricate relationships with society.

    Expert Reviews

    Empower decisions with Expert Reviews, merging industry expertise and insightful analysis. Delve into tech intricacies, get the best deals, and stay ahead with our trustworthy guide to navigating the ever-changing tech market.