If you are a bug hunter, this news will definitely delight you: Samsung is offering rewards to bug hunters who want to earn millions and help companies find issues in their software.
One Million Reward As Bug Bounty
In the latest update, the software service provider has come out with a new bug bounty programme.
Samsung will award significant prizes to researchers who spot security flaws and vulnerabilities in the company’s software under this Mobile Security Program.
According to a blog post by Samsung, security researchers and others can earn money by finding different types of security flaws and vulnerabilities related to arbitrary code execution on privileged targets in its systems.
The program will consider scenarios including data extraction, device unlocking, arbitrary application installation, and bypassing the device’s security.
The company has now increased the rewards of the bug bounty program to a million dollars, taking into account the severity of the vulnerability and the project’s importance.
How To Get This Reward?
The top $1 million reward can be earned by hacking the latest Knox Vault and achieving remote code execution in Samsung's hardware security system.
Knox Vault is the company’s isolated secure environment, which stores cryptographic keys and sensitive biometric information on mobile devices.
As for the other scenarios, a device unlock performed after the first unlock will earn researchers a bug bounty reward of $200,000 (Rs 1 crore approx).
The hacker can get up to $400,000, however, for unlocking a device and extracting user data completely without the phone having been unlocked earlier.
Again, these rewards can get bumped up to $60,000 (Rs 50,000 approx) and $30,000 (Rs 25,000 approx) if researchers manage to install an application from the Galaxy Store remotely.
All in all, if ethical hackers install apps from sources other than the Galaxy Store, they could earn up to $100,000 and $50,000 (around Rs 4 lakhs).
Further, the brand said that a qualifying report showcases a successful attack targeting important scenarios.
To qualify for the Good Report Bonus, researchers must include an exploit that successfully targets one or more of the defined important scenarios.
The exploit must be effective on the latest security updates of the latest flagship Galaxy Z and S series devices.
It should also be executable without needing elevated privileges.
To join the program, researchers must include the prefix [ISVP] in their report title when submitting through the rewards programme.
This is not the first time: the tech giant has previously paid nearly $5 million (Rs 36 crore) through the bug bounty program it launched in 2017.