"Samsung Bug Bounty Program Payouts Reach $5M, Top Reward Increased to $1M"
Samsung recently announced that it has paid out nearly $5 million through its bug bounty program since its launch in 2017, including $828,000 in 2023. In 2023, Samsung noted that 113 researchers were paid for responsibly disclosing vulnerabilities in Galaxy mobile devices. The highest single reward exceeded $57,000 and went to TASZK Security Labs. The company also recently announced bonus rewards for high-quality vulnerability reports and informed bug bounty hunters that the maximum reward has been increased to $1 million. According to the company, a local code execution exploit targeting Knox Vault can earn researchers up to $300,000, an exploit involving device unlocking with full user data extraction is worth up to $400,000, and finding a way to install arbitrary applications from outside the Galaxy Store can earn bug bounty hunters $100,000. Samsung said these high rewards can be earned as part of its Important Scenario Vulnerability Program. To qualify, reporting researchers must submit a quality report with a practical exploit that can be executed without privileges on up-to-date Galaxy S or Z series mobile devices.
SecurityWeek reports: "Samsung Bug Bounty Program Payouts Reach $5M, Top Reward Increased to $1M"