Samsung offers $1 million reward if you find serious issues in its operating system: Learn more

The company offers millions to those who can find and report serious problems

Samsung’s new program is designed to report and resolve serious software issues that may be disruptive to end users.

Want to make millions and help companies find problems in their software? Well, that’s exactly what Samsung is offering bug hunters. The company has introduced a new bug bounty program that will pay significant rewards to researchers who find security holes and vulnerabilities in the company’s software as part of its Mobile Security Program.

According to a blog post by Samsung, security researchers, as well as others, can make money by finding various types of security holes and vulnerabilities related to executing arbitrary code against privileged targets on their system. This includes things like data exfiltration, device unlocking, performing arbitrary app installation, or bypassing device security.

Depending on the severity of the vulnerability and the importance of the project, the company has increased the rewards of the bug bounty program to as much as $1 million. The largest reward of $1 million can be obtained by hacking the latest Knox Vault and executing remote code on Samsung’s hardware security system. Knox Vault is the company’s isolated secure environment for storing cryptographic keys and sensitive biometric information on mobile devices.

In addition, unlocking the device again after the first one will bring a bug bounty of $200,000 (around Rs 1 crore). However, up to $400,000 will be awarded if someone unlocks the device and completely extracts the user’s data without first unlocking the phone.

The reward increases to $60,000 (approx. Rs. 50,000) and $30,000 (approx. Rs. 25,000) if researchers manage to install the app from the Galaxy Store remotely, while if ethical hackers install apps from sources other than the Galaxy Store, they can earn $100,000 and $50,000 (approx. Rs. 4 lakhs), respectively.

The brand also claims that the report presents a successful attack targeting important scenarios. As for the eligibility criteria, researchers must include an exploit that successfully targets one or more of the defined important scenarios to qualify for the Good Report Bonus. Additionally, the exploit must be effective against the latest security updates of the latest flagship Galaxy Z and S series devices. It should also be executable without the need for elevated privileges.

In addition, researchers must include the prefix (ISVP) in the title of their report to join the awards program.

The tech giant also said it has paid nearly $5 million (Rs 360 million) under a bug bounty program launched in 2017.