Samsung Mobile Security Bug Bounty Programme Announced With Rewards Up to $200,000


  • Samsung will offer up to $200,000 in rewards
  • The programme covers roughly 38 Samsung devices
  • It also includes vulnerabilities in Bixby, Samsung Pay, and others

Following in Google’s and Microsoft’s footsteps, Samsung has now announced a bug bounty programme of its own. The South Korean giant is offering up to $200,000 (roughly Rs. 1.2 crores) to anyone, especially researchers, who can spot vulnerabilities in its products. This is in line with rewards offered by the likes of Apple, Facebook, and Twitter in the past.

Samsung’s Mobile Security Rewards Program covers roughly 38 Samsung mobiles and tablets that are eligible for rewards, including the latest Galaxy S8, Galaxy S8+, Galaxy Note 8, and the Tab S3, among others. Note that Android and Qualcomm vulnerabilities found in Samsung devices will fall under Google’s and Qualcomm’s bug bounty programmes, respectively, and not Samsung’s.

“As a leading provider of mobile devices and experiences, Samsung recognizes the importance of protecting users’ data and information, and prioritizes security in the development of each of its products and services,” said Injong Rhee, Executive Vice President and Head of R&D, Software and Services of the Mobile Communications Business at Samsung Electronics, in a post. “As part of our commitment to security, Samsung is proud to work in close partnership with the security research community to ensure that all of our products are monitored closely and continually for any potential vulnerabilities.”

Apart from Samsung devices, the programme also covers vulnerabilities in Bixby, Samsung Pay, Samsung Account, Samsung Pass, and other services. The reward starts from $200 and goes up to $20,000 depending on the severity of the vulnerability detected and the researcher’s “ability to provide proof of concept.” According to the terms and conditions, researchers are required to identify an exploit that can compromise the device without the need for a physical connection or third-party app.

Microsoft in July as part of its Vulnerability Rewards Program in 2016. Notably, Samsung’s bug bounty programme comes following a report in April that found as many as 40 unknown zero-day vulnerabilities in Samsung’s own Tizen OS.