Samsung Launches ISVP Bug Bounty Program with High Rewards

TapTechNews, August 7: To enhance the security of its Galaxy devices, Samsung has launched a brand-new ISVP bug bounty program, with the highest bounty amount reaching 1 million US dollars (TapTechNews note: currently about 7.154 million Chinese yuan).

ISVP stands for Important Scenario Vulnerability Program. It focuses mainly on vulnerabilities related to arbitrary code execution, unlocking devices, data extraction, arbitrary application installation, and bypassing device protection.


High Bounty

Knox Vault

Knox Vault is an isolated secure environment used by Samsung to store sensitive biometric information and encryption keys on mobile devices.

A security expert who reports a local arbitrary code execution vulnerability on a Samsung device can receive a reward of 300,000 US dollars, while remote code execution (RCE) can earn 1 million US dollars.

TEEGRIS OS

TEEGRIS OS is Samsung's trusted execution environment (TEE) operating system, which provides a secure environment isolated from the main operating system for executing sensitive code and processing key data, such as payments and authentication.

A security expert can get 200,000 US dollars for local arbitrary code execution on the TEEGRIS operating system, and up to 400,000 US dollars for RCE flaws.

RichOS

Local code execution on RichOS, the main operating system of Samsung devices, earns a reward of 150,000 US dollars, while RCE on RichOS earns a maximum reward of 300,000 US dollars.


Unlocking

For a vulnerability that combines device unlocking with complete user data extraction, Samsung will pay 400,000 US dollars; if it is achieved after the first unlocking, half the amount will be paid.

Application Installation

Installing a remote arbitrary application from a non-official market or an attacker's server earns 100,000 US dollars, while installing an application from the Galaxy Store earns 60,000 US dollars. The rewards for local arbitrary installation are 50,000 US dollars and 30,000 US dollars respectively.

Samsung Paid a Total of 830,000 US Dollars in 2023

Samsung also announced today that in 2023 it paid a total of 827,925 US dollars in rewards to 113 security researchers participating in its mobile security rewards program.


Since the launch of this program in 2017, Samsung has paid more than 4.9 million US dollars in bug bounty rewards, with the highest amount being 120,000 US dollars; the highest single payout last year was 57,190 US dollars.
