Samsung increases bug bounty programme reward, up to US$1 million per eligible vulnerability report

Are you really good at hunting software and security flaws and bugs? Samsung might have something to reward you for your effort.

As announced via its Mobile Press newsroom, Samsung has increased its bug bounty reward programme to a cool US$1 million per “eligible security vulnerability report”. This reward programme is open to the “external security community”, which effectively includes professional and independent cybersecurity firms and individual experts who don’t mind finding flaws in their free time (the latter of which is something Singaporeans excel at).

Called the Mobile Security Rewards Program, this update aligns with Samsung’s commitment to improving its mobile security ecosystem. The change also welcomes improved classification, criteria, and transparency of its security efforts to the external community.

First introduced in 2017, the Mobile Security Rewards Program has a newly introduced “Important Scenario Vulnerability Program.” The link leads to the criteria needed to qualify for a maximum reward and specifies the payout for each type of discovered flaw (Samsung Knox remote flaws pay out the maximum amount).

Of particular note is “Arbitrary Application Install,” which offers US$60,000 to US$100,000 if external security firms and individuals can identify exploits from third-party apps and those found on the Galaxy Store. It even covers applications “from unofficial marketplace or attacker’s server.”

Fully bypassing Samung’s Auto Blocker is a cool US$100,000. This feature prevents the sideloading of apps, and also deters harmful commands and installation processes made via USB cables.

To learn more about Samsung’s bounty reward programme for catching security flaws, check out the official page here.

Source: Samsung (newsroom)

Our articles may contain affiliate links. If you buy through these links, we may earn a small commission.