A Samsung launched a new rewards program called “Important Scenario Vulnerability Program (ISVP)”, with prizes of up to $1 million to anyone who finds critical vulnerabilities on your systems and devices.
The main focus is on security flaws that could allow the execution of arbitrary code, as well as vulnerabilities that facilitate the unlocking of devices without authorization. In addition, special attention is given to loopholes that could lead to the unauthorized extraction of sensitive data and also to those that allow the unwanted installation of applications on systems.
Reward value increases with severity of failure
The top prize of $1 million is for whoever finds out Remote Code Executions (RCE) affecting Knox VaultSamsung’s security area for sensitive information. For local code execution flaws in Knox Vault, the reward is $300,000. In the TEEGRIS operating system, the rewards are up to $400,000 for remote RCE and $200,000 for local.
On Rich OS, the main operating system on Samsung devices, local exploits can be worth $150,000, while remote exploits can be worth $300,000. Completely exfiltrating user data on the first unlock of the device can fetch $400,000, and half that amount after the first unlock.
There are also $100,000 prizes for remote installation of apps from unofficial sources and $60,000 if it’s through the Galaxy Store. For local installations, the amounts are $50,000 and $30,000, respectively.
How do I try?
To be eligible for the rewards, you must demonstrate a successful attack on high-end Samsung devices, such as the Galaxy S and Z series, with the latest security update installed and no user interaction (0-click).
In 2023, Samsung paid out $827,925 to 113 researchers through its Mobile Security Rewards program. Since 2017, more than $4.9 million has been distributed in rewards. With ISVP, Samsung hopes to increase these numbers and incentivize the detection of critical vulnerabilities that could affect its devices.
So if you have programming knowledge and know how to look for security holes, this could be a good opportunity to make some extra cash.
Sources: Android Headlines, Sam Mobile e Samsung
Source: https://www.hardware.com.br/noticias/ganhe-1-milhao-vulnerabilidades.html
