With the growing number of cyber attacks and data breaches, a number of tech companies and organisations have started Bug Bounty programs for encouraging hackers, bug hunters and researchers to find and responsibly report bugs in their services and get rewarded.
Samsung is the latest in the list of tech companies to launch a bug bounty program, announcing that the South Korean electronics giant will offer rewards of up to $200,000 to anyone who discovers vulnerabilities in its mobile devices and associated software.
Dubbed Mobile Security Rewards Program, the newly-launched bug bounty program will cover 38 Samsung mobile devices released from 2016 onwards which currently receive monthly or quarterly security updates from the company.
So, if you want to take part in the Samsung Mobile Security Rewards Program, you have these devices as your target—the Galaxy S, Galaxy Note, Galaxy A, Galaxy J, and the Galaxy Tab series, as well as Samsung’s flagship devices, the S8, S8+, and Note 8.
“We take security and privacy issues very seriously; and as an appreciation for helping Samsung Mobile improve the security of our products and minimizing risk to our end-consumers, we are offering a rewards program for eligible security vulnerability reports,” the company explains on its bug bounty website.
“We look forward to your continued interests and participations in our Samsung Mobile Security Rewards Program. Through this rewards program, we hope to build and maintain valuable relationships with researchers who coordinate disclosure of security issues with Samsung Mobile.”
Not just mobile devices, the tech giant’s Mobile Services suite is also part of its bug bounty program, which will also cover apps and services such as Bixby, Samsung Account, Samsung Pay, Samsung Pass, among others.
For the eligibility of a reward, researchers and bug hunters need to provide a valid proof-of-concept (PoC) exploit that can compromise a Samsung handset without requiring any physical connection or third-party application.
The company will evaluate the reward depending on the severity level of the vulnerability (Critical, High, Moderate, and Low) and its impact on devices. The least reward is $200, which is for low-severity flaws, while the highest reward is $200,000, which is for critical bugs.
The Higher reward will be offered for bugs that lead to trusted execution environment (TEE) or Bootloader compromise. The level of severity will be determined by Samsung.
Samsung’s bounty of $200,000 is equal to the bounty reward offered under Apple’s bug bounty program but is slightly lower than Microsoft’s newly launched bounty program that offers $250,000 for Windows 10 security bugs.
Following the path of major tech companies, the non-profit group behind Tor Project recently joined hands with HackerOne to launch its own bug bounty program, with the highest payout for the flaws has been kept $4,000.
So, what you are waiting for? Hunt for bugs in Samsung products and submit your findings to the company via the Security Reporting page.