
SecurityWeek


Samsung Bug Bounty Program Payouts Reach $5M, Top Reward Increased to $1M

Samsung has paid out nearly $5 million through its bug bounty program since 2017 and the tech giant announced that the top reward has increased to $1 million.


Samsung announced on Tuesday that it has paid out nearly $5 million through its bug bounty program since its launch in 2017, including $828,000 in 2023.

In 2023, 113 researchers were paid for responsibly disclosing vulnerabilities in Galaxy mobile devices. The highest single reward exceeded $57,000 and went to TASZK Security Labs.

“Their impressive research helped secure our products against potential remote attacks,” Samsung said. “Although Exynos Baseband related reports became out of scope with our program and [TASZK Security Labs] reports involved chains with baseband, resulting in a reduction of the overall reward, it was still TASZK Security Labs who received the highest total payout in 2023.”

The company on Tuesday also announced bonus rewards for high-quality vulnerability reports, and informed bug bounty hunters that the maximum reward has been increased to $1 million.

The top amount can be earned for a remote code execution exploit targeting the Knox Vault hardware security system. A local code execution exploit targeting Knox Vault can earn researchers up to $300,000.

An exploit involving device unlocking with full user data extraction is worth up to $400,000, and finding a way to install arbitrary applications from outside the Galaxy Store can earn bug bounty hunters $100,000.

These high rewards can be earned as part of Samsung’s Important Scenario Vulnerability Program. In order to qualify, reporting researchers have to submit a quality report with a practical exploit that can be executed without privileges on up-to-date Galaxy S or Z series mobile devices.

Microsoft announced this week that it has paid out roughly $16.6 million through its bug bounty programs over the past year, which brings the total awarded since 2018 to $75.5 million. 


Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
