Samsung Electronics announced the enhancement of its Mobile Security Rewards Program, increasing the maximum reward amount to $1 million for eligible security vulnerability reports received from the external security community. This is part of Samsung’s ongoing efforts to foster transparency and increased collaboration in mobile security, with the criteria of the program laid out in the Samsung Mobile Security Risk Classification, which now includes additional classification factors.
Alongside this, Samsung has also published its first security-focused Annual Rewards Program Report, showcasing the most significant highlights since the project’s launch and emphasizing the crucial role of the program’s participants. The Mobile Security Rewards Program complements Samsung’s current offering of up to seven years of security updates, highlighting the company’s commitment to user device safety.
“With cybersecurity attacks becoming increasingly intelligent and more challenging to identify, we actively encourage participation from the security community in finding these threats,” said Justin Choi, Corporate VP & Head of Security Team, Mobile eXperience Business at Samsung Electronics. “Their support helps us to ensure our products are continuously monitored for potential vulnerabilities, enabling us to constantly enhance the protection of our customers. It is critically important that this protection is provided and that user data and information are safeguarded, which is why we prioritize security throughout all our products and services.”
Originally launched in 2017, the program embodies Samsung’s commitment to openness and a collective approach to enhancing mobile security. By collaborating with a wide range of global experts — including cybersecurity researchers, ethical hackers and independent security professionals — the program takes a strategic, systematic and proactive approach to identifying and addressing vulnerabilities, reinforcing the security of users’ mobile experiences.
The maximum reward of $1 million is part of the newly introduced Important Scenario Vulnerability Program. This initiative focuses on the most severe attack scenarios and vulnerabilities, including arbitrary code execution on highly privileged targets; device unlock and full user data extraction; arbitrary application installations; and bypass of device protection solutions. Partnering with the security community not only reinforces Samsung’s dedication toward a transparent, collaborative framework that continuously adapts to emerging risks, but also speeds up the detection and resolution of these potential critical threats.
Increased Transparency of Rewards Program Criteria
Samsung Mobile Security Risk Classification now offers a more detailed and publicly accessible system for categorizing vulnerabilities, incorporating new considerations such as downgrade factors, which allow a threat’s severity level to be lowered, and an ineligible classification, for threats determined to pose minimal security concerns. The system assigns severity levels based on security risk and impact across five categories: Critical, High, Moderate, Low, and Ineligible or Less-Than-Low Security Impact. This comprehensive approach provides clear guidance for both participants and the broader security community, offering a more structured framework for vulnerability reporting. Additionally, it outlines the conditions affecting the reward qualification and amount.
The program covers all of Samsung’s mobile devices currently receiving monthly, quarterly and biannual security updates. In addition, the program will reward eligible submissions for potential vulnerabilities in the latest Samsung Galaxy services, including Bixby, Samsung Account and Samsung Wallet, among others.
Samsung Releases Inaugural Program Report
In August 2024, Samsung published its first security-focused Annual Rewards Program Report, summarizing the most significant highlights since the project’s launch in 2017. Highlights include the awarding of over $800,000 to 113 researchers in 2023 alone and a total of more than $4 million in rewards paid out by Samsung to security experts around the world to date, underscoring the crucial role of the program’s participants.