Samsung has launched a new bug bounty program to encourage reports of security vulnerabilities in its range of mobile devices.
The rewards for local arbitrary execution are around $300,000, while remote code execution (RCE) will see a reward of $1,000,000.
The 'Important Scenario Vulnerability Program (ISVP)' targets exploits related to device unlocking, data extraction, and bypassing device protection.
Money money money
For Samsung's Rich OS, local code execution flaws will be rewarded with $150,000 and RCEs will reach a maximum payout of $300,000. Reports of successful data extraction on the first unlock will result in a $400,000 bounty, which is reduced to $200,000 if extraction is successful after the first unlock.
The maximum rewards require the vulnerability to be persistent and not require a click. Other rewards with a lower payout include remote installation of arbitrary apps from an unofficial marketplace or an attacker's server, which will receive a reward of $100,000, and $60,000 if installed from the Galaxy Store.
For a report to be considered successful, it must include a buildable exploit that works consistently, without privileges, on major Samsung device models running the latest security update.
Samsung also revealed that it paid out $827,925 as part of the 2023 bug bounty program, which involved 113 security researchers. So far, all of Samsung’s bug bounty programs since 2017 have paid out more than $4.9 million.
Via BleepingComputer