Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios.

The new ‘Important Scenario Vulnerability Program (ISVP)’ focuses on vulnerabilities related to arbitrary code execution, the unlocking of devices, data extraction, arbitrary application installation, and bypassing device protections.

Highlighted payouts

Knox Vault is Samsung’s isolated secure environment for storing sensitive biometric information and cryptographic keys on mobile devices. Reports achieving local arbitrary code execution on Samsung devices receive $300,000, while remote code execution (RCE) rewards $1,000,000.

TEEGRIS OS is Samsung’s Trusted Execution Environment (TEE) operating system, which provides a secure, isolated environment from the main OS to execute sensitive code and process critical data, such as payments and authentication.

Local arbitrary code execution on TEEGRIS OS pays $200,000, while RCE flaws earn up to $400,000.

Local code execution on Rich OS, the primary operating system on Samsung devices, pays $150,000, while RCEs on it reward a maximum of $300,000.

Another noteworthy payout is $100,000 for achieving remote arbitrary application installation from an unofficial marketplace or an attacker’s server, or $60,000 if the app is installed from the Galaxy Store. Local arbitrary installations pay $50,000 and $30,000, respectively.

To claim rewards, bug reports must include a buildable exploit that works consistently without privileges on the latest security update of flagship models such as the Galaxy S and Z series.

To claim the maximum rewards, the exploit must be persistent and 0-click, meaning it requires no user interaction.

$830,000 paid in 2023

Today, Samsung also announced that in 2023, it paid 113 security researchers participating in its Mobile Security Rewards Program $827,925 for their submissions.

Since the program started in 2017, Samsung has paid over $4,900,000 in bug bounty rewards, with the highest being $120,000. The record payout last year was $57,190.

The launch of ISVP aims to break those records, providing strong incentives to garner reports for more critical issues impacting Samsung devices.
