There has been a growing number of incidents related to cyber attacks and data breaches, leading many corporations and tech organizations to start bug bounty programs. Such programs encourage hackers, bug hunters, and researchers to hack into their systems, responsibly report the loopholes in the security of those systems, and get rewarded.
Organizations like Facebook, Google and many others have been known to pay rewards through bug bounty programs for detecting flaws or loopholes in their systems and making them more secure. Samsung has joined the list of tech companies to launch a bug bounty program. Samsung will be offering a reward of up to $200,000 to anyone who discovers vulnerabilities in its mobile devices and associated software.
The new bug bounty program, called the Mobile Security Program, will cover around 38 Samsung mobile devices released from 2016 onwards which receive monthly or quarterly security updates from it.
Are you ready to grab your rewards? If you wish to participate in the Samsung Mobile Security Rewards Program, the devices in scope are the Galaxy S, Galaxy Note, Galaxy A, Galaxy J, and Galaxy Tab series, as well as the latest smartphones like the S8, S8+, and Note 8.
Explaining the bug bounty program, the company said on its website: “We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports.”
Further, it stated: “We look forward to your continued interests and participations in our Samsung Mobile Security Rewards Program. Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile.”
Samsung’s bug bounty program is not limited to its smartphones; the Mobile Services suite is also part of it. It will also cover apps and services such as Bixby, Samsung Account, Samsung Pay, and Samsung Pass, among others.
To be eligible for the reward, researchers and bug hunters will have to provide a valid proof-of-concept (PoC) exploit that can compromise a Samsung handset without requiring any physical connection or third-party application.
The amount of the reward will be evaluated depending on the severity level of the vulnerability (Critical, High, Moderate, and Low) and how it impacts the devices. The minimum reward declared will be $200 for low severity flaws, whereas the highest reward will be $200,000 for detecting crucial bugs.
Bugs related to trusted execution environment (TEE) or Bootloader compromise will be offered higher rewards. Samsung will determine the severity level of bugs and security vulnerabilities discovered.
Apple also has its own bug bounty program, which offers around $200,000, similar to Samsung’s reward amount. But this reward is less than what Microsoft is offering: its newly launched bounty program offers $250,000 for Windows 10 security bugs.
Another organization to join the bandwagon is the non-profit Tor Project, which, in partnership with HackerOne, has launched its own bug bounty program, with the highest payouts for flaws being a decent $4,000.
Let’s get busy hunting bugs in Samsung’s products; submit your findings to the company via the Security Reporting page.