Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios.

The new ‘Important Scenario Vulnerability Program (ISVP)’ focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections.

Highlighted payouts

Knox Vault is Samsung’s isolated secure environment for storing sensitive biometric information and cryptographic keys on mobile devices. Reports achieving local arbitrary execution on Samsung devices receive $300,000, while remote code execution (RCE) rewards $1,000,000.

TEEGRIS OS is Samsung’s Trusted Execution Environment (TEE) operating system, which provides a secure, isolated environment from the main OS to execute sensitive code and process critical data, such as payments and authentication.

Local arbitrary code execution on TEEGRIS OS pays $200,000, while RCE flaws earn up to $400,000.

Local code execution on Rich OS, the primary operating system on Samsung devices, pays $150,000, while RCEs on it reward a maximum of $300,000.

Another noteworthy payout is $100,000 for achieving remote arbitrary application installation from an unofficial marketplace or an attacker’s server, or $60,000 if the app is installed from the Galaxy Store. Local arbitrary installations pay $50,000 and $30,000, respectively.

To claim rewards, bug reports must include a buildable exploit that works consistently and without privileges on the latest security update of flagship models such as the Galaxy S and Z series.

To claim the maximum rewards, the exploit must be persistent and 0-click, meaning it requires no user interaction.

$830,000 paid in 2023

Today, Samsung also announced that in 2023, it paid 113 security researchers participating in its Mobile Security Rewards Program $827,925 for their submissions.

Since the program started in 2017, Samsung has paid over $4,900,000 in bug bounty rewards, with the highest being $120,000. The record payout last year was $57,190.

The launch of ISVP aims to break those records, providing strong incentives to garner reports for more critical issues impacting Samsung devices.
