Like most big tech companies, Samsung also runs a bug bounty program. As part of it, the brand offers significant rewards to those ethical hackers who can find bugs in its software. The company launched the Samsung Mobile Security Rewards Program in 2017, which pays out such rewards. So far, it has paid nearly $5 million in bug bounty rewards. Now, Samsung has increased the rewards of the bug bounty program to a million dollars.
Samsung software bug bounty hunters can now earn up to a million dollars
If you are an ethical hacker/researcher, you can earn up to a million dollars by finding bugs in Samsung software. The newly increased rewards are for finding exploits that allow arbitrary code execution on highly important targets. The top $1 million reward can be earned through a remote code execution exploiting the Knox Vault hardware security system. A local exploit execution on the Knox Vault can earn researchers a maximum of $300,000.
Those who manage to exploit the TEEGRIS OS remotely can earn up to $200,000. A remote arbitrary code execution on the same will provide up to $400,000. Rich OS exploiters will be granted up to $300,000 under the bug bounty rewards program. Any researcher who’s able to bypass Auto Blocker, a feature that stops app installs from unauthorized sources, can earn up to $100,000.
Anyone who can extract data from a device before the first unlock can win nearly $400,000. Samsung is offering $200,000 to those who can fully extract the user data after unlocking it. Furthermore, if you can remotely install an arbitrary application, then Samsung is providing up to $100,000 in rewards.
Samsung has paid out close to $5 million since 2017 as part of the bugs bounty program
Samsung has released its first annual report of the Samsung Mobile Security Rewards Program. As part of the report, it has paid close to $5 million as part of this bug bounty program. In 2024 alone, the company paid out $827,925 to 113 researchers. The biggest reward of $57,190 was awarded to TASZK Security Labs for finding vulnerabilities allowing hackers to mount remote attacks.