Want $1 million? Find a bug in Samsung's software

Like many major companies, Samsung runs a bug bounty program through which it offers ethical hackers considerable rewards for disclosing security vulnerabilities. Samsung has now bumped up the maximum reward offered to a whopping $1 million.

Find serious security vulnerabilities, make bank

The Samsung Mobile Security Rewards Program was launched back in 2017 and the company has now launched its first Annual Report, revealing some interesting details. Since launch, the program has paid out almost $5 million in bug bounties. Samsung paid out $827,925 in 2023 alone to 113 researchers.The highest reward was $57,190 paid to TASZK Security Labs as it found vulnerabilities that could allow hackers to mount potential remote attacks.

As the company's focus on AI solutions grows with Galaxy AI, it's also launching the Samsung Mobile AI Security rewards program as pilot, ensuring that any vulnerabilities in new software technologies can be addressed before they become a problem. Going forward, Samsung will also be awarded more significant rewards of up to $1 million.

Researchers who find any exploits that allow arbitrary code execution on highly privileged targets, full user data extractions, unlocking devices, arbitrary app installs or bypassing device protection can receive up to $1 million which is now the maximum amount covered under this program. Those who are able to bypass Auto Blocker, a feature introduced to prevent app installs from unauthorized sources, will get up to $100,000 as a reward. The full list of rewards offered in available on Samsung's security blog.