Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios.

The new ‘Important Scenario Vulnerability Program (ISVP)’ focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections.

Highlighted payouts

Knox Vault is Samsung’s isolated secure environment for storing sensitive biometric information and cryptographic keys on mobile devices. Reports achieving local arbitrary execution on Samsung devices receive $300,000, while remote code execution (RCE) rewards $1,000,000.

TEEGRIS OS is Samsung’s Trusted Execution Environment (TEE) operating system, which provides a secure, isolated environment from the main OS to execute sensitive code and process critical data, such as payments and authentication.

Local arbitrary code execution on TEEGRIS OS pays $200,000, while RCE flaws earn up to $400,000.

Local code execution on Rich OS, the primary operating system on Samsung devices, pays $150,000, while RCEs on it reward a maximum of $300,000.

Another noteworthy payout is $100,000 for achieving remote arbitrary application installation from an unofficial marketplace or an attacker’s server, or $60,000 if the app is installed from the Galaxy Store. Local arbitrary installations pay $50,000 and $30,000, respectively.

To claim rewards, bug reports must include a buildable exploit that works without privileges consistently on the latest security update of flagship models such as the Galaxy S and Z series.

To claim the maximum rewards, the exploit must be persistent and 0-click, meaning it requires no user interaction.

$830,000 paid in 2023

Today, Samsung also announced that in 2023, it paid 113 security researchers participating in its Mobile Security Rewards Program $827,925 for their submissions.

Since the program started in 2017, Samsung has paid over $4,900,000 in bug bounty rewards, with the highest being $120,000. The record payout last year was $57,190.

The launch of ISVP aims to break those records, providing strong incentives to garner reports for more critical issues impacting Samsung devices.
