Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault


Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios.

The new ‘Important Scenario Vulnerability Program’ (ISVP) focuses on vulnerabilities that enable arbitrary code execution, device unlocking, data extraction, arbitrary application installation, and bypassing of device protections.

Highlighted payouts

Knox Vault is Samsung’s isolated secure environment for storing sensitive biometric information and cryptographic keys on mobile devices. Reports demonstrating local arbitrary code execution in Knox Vault receive $300,000, while remote code execution (RCE) in Knox Vault earns $1,000,000.

TEEGRIS OS is Samsung’s Trusted Execution Environment (TEE) operating system, which provides a secure, isolated environment from the main OS to execute sensitive code and process critical data, such as payments and authentication.

Local arbitrary code execution on TEEGRIS OS pays $200,000, while RCE flaws earn up to $400,000.

Local code execution on Rich OS, the primary operating system on Samsung devices, pays $150,000, while RCE on it pays a maximum of $300,000.

The highest payouts in ISVP
Source: Samsung

Device unlocks combined with full user data extraction pay $400,000, or half the amount if achieved after the first unlock.

Another noteworthy payout is $100,000 for achieving remote arbitrary application installation from an unofficial marketplace or an attacker’s server, or $60,000 if the app is installed from the Galaxy Store. Local arbitrary installations pay $50,000 and $30,000, respectively.

To claim rewards, bug reports must include a buildable exploit that works consistently, without requiring privileges, on the latest security update of flagship models such as the Galaxy S and Z series.

To claim the maximum rewards, the exploit must be persistent and zero-click, meaning it requires no user interaction.

$830,000 paid in 2023

Today, Samsung also announced that in 2023, it paid 113 security researchers participating in its Mobile Security Rewards Program $827,925 for their submissions.

Since the program started in 2017, Samsung has paid over $4,900,000 in bug bounty rewards, with the highest being $120,000. The record payout last year was $57,190.

The launch of ISVP aims to break those records, providing strong incentives to garner reports for more critical issues impacting Samsung devices.


