Samsung’s mobile bug bounty program pays up to $200,000
It's reaching out to the security community for help finding exploits.
Samsung is the latest in a long line of tech titans to announce its very own bug bounty program. As its title suggests, the newly-launched Mobile Security Rewards Program will pay users for reporting vulnerabilities in the company's latest firmware. If you spot a weakness, and back it up with solid research, you could pocket up to $200,000. That's in line with the sums offered by the likes of Google (for Android) and Apple. Like those companies (along with Microsoft, Facebook, and Twitter), the rewards program sees Samsung reaching out to researchers to help squash bugs.
Now, before you unleash your inner black-hat hacker on a Samsung Galaxy S8, there are some finer details you should be aware of. Firstly, the program isn't just limited to the Korean manufacturer's latest devices. It encompasses a range of handsets and tablets released from 2016 onwards (roughly 38 devices in total). In order to qualify for a cash prize, you'll be required to identify an exploit that can compromise a handset without the need for a physical connection or third-party app. Bounties are also available for unearthing flaws in other Samsung services, including its Bixby digital assistant, Samsung account, Samsung Pay, and Samsung Pass.
The company already has a bug bounty program in place for its Smart TVs. And, earlier this year, it received a wake up call regarding its Tizen mobile OS, after a researcher discovered 40 unpatched exploits in its system.
Although bug bounties aren't a cure-all for security, they're viewed by some corporations as a positive strategy. Google, which forked out millions in rewards in January, claims they help it to make products safer. And, it says, they encourage the wider security research community to report flaws to the source, instead of exploiting them for their own gain.
