Detecting software vulnerabilities Samsung can be rewarded with 1 million USD

The bounty value will depend on the severity of the discovered security vulnerability.

Samsung's bug bounty program has been implemented since 2017. To date, Samsung has paid nearly 5 million USD through this program. In 2023, 113 researchers were awarded $828,000 in bounties by the company after they disclosed security vulnerabilities in Galaxy mobile devices.

The highest individual reward value was paid by Samsung to Hungary-based security company TASZK Security Labs for up to $57,000 for helping protect its products from potential remote attacks.

The research company with the most reports about vulnerabilities in Samsung software is Oversecured Inc from Barcelona (Spain), helping the company be more proactive in fixing vulnerabilities in its products.

According to Bleeping Computer, with a vulnerability that allows remote code execution targeting the Knox Vault hardware security system, analysts can receive $300,000. Knox Vault is Samsung's secure isolated environment for storing sensitive biometric information and cryptographic keys on mobile devices.

With the exploit unlocking the device and completely extracting user data, Samsung's reward could be up to $400,000. As for the bug that allowed the installation of applications from sources other than the Galaxy Store, security researchers earned a $100,000 reward.