Samsung Electronics Scales Up Mobile Security Rewards Programme To Boost Industry Collaboration and Commitment

Enhanced program emphasizes Samsung’s commitment to user protection with increased rewards of up to $1 million for reporting threats, as well as clearer risk classifications and a more structured process

LONDON, U.K. – November 21, 2024 – Samsung Electronics Co., Ltd announced the enhancement of its Mobile Security Rewards Program, increasing the maximum reward amount to $1 million for eligible security vulnerability reports received from the external security community. This is part of Samsung’s ongoing efforts to foster transparency and increased collaboration in mobile security, with the criteria of the programme laid out in the Samsung Mobile Security Risk Classification which now includes additional classification factors.

Alongside this, Samsung has also published its first security-focused Annual Rewards Programme Report, showcasing the most significant highlights since the project’s launch and emphasising the crucial role of the programme’s participants. The Mobile Security Rewards Programme complements Samsung’s current offering of up to seven years of security updates^[1], highlighting the company’s commitment to user device security.

“With cybersecurity attacks becoming increasingly intelligent and more challenging to identify, we actively encourage participation from the security community in finding these threats,” said Justin Choi, Corporate VP & Head of Security Team, Mobile eXperience Business at Samsung Electronics. “Their support helps us to ensure our products are continuously monitored for potential vulnerabilities, enabling us to constantly enhance the protection of our customers’ devices. It is critically important that this protection is provided and that user data and information are safeguarded, which is why we prioritise security throughout all our products and services.”

Originally launched in 2017, the programme embodies Samsung’s commitment to openness and a collective approach to enhancing mobile security. By collaborating with a wide range of global experts — including cybersecurity researchers, ethical hackers and independent security professionals — the programme follows a strategic, systematic and proactive strategy to identify and address vulnerabilities, reinforcing the security of users’ mobile experiences.

The maximum reward of $1 million is part of the newly introduced Important Scenario Vulnerability Programme. This initiative focuses on the most severe attack scenarios and vulnerabilities, including arbitrary code execution on highly privileged targets; device unlock and full user data extraction; arbitrary application installations; and bypass of device protection solutions. Partnering with the security community not only reinforces Samsung’s dedication toward a transparent, collaborative framework that continuously adapts to emerging risks, but also speeds up the detection and resolution of these potential critical threats.

Increased Transparency of Rewards Programme Criteria

Samsung Mobile Security Risk Classification now offers a more detailed and publicly accessible system for categorising vulnerabilities, incorporating new considerations such as downgrade factors, which allow a threat’s severity level to be lowered, and an ineligible classification, for threats determined to pose minimal security concerns. The system assigns severity levels based on security risk and impact across five categories: Critical, High, Moderate, Low, and Ineligible or Less-Than-Low Security Impact. This comprehensive approach provides clear guidance for both participants and the broader security community, offering a more structured framework for vulnerability reporting. Additionally, it outlines the conditions affecting the reward qualification and amount.

The programme covers all of Samsung’s mobile devices currently receiving monthly, quarterly and biannual security updates. In addition, the programme will reward eligible submissions for potential vulnerabilities in the latest Samsung Galaxy services, including Bixby, Samsung Account and Samsung Wallet, among others.

Samsung Releases Inaugural Program Report

In August 2024, Samsung published its first security-focused Annual Rewards Programme Report, summarising the most significant highlights since the project’s launch in 2017. Highlights include the awarding of over $800,000 to 113 researchers in 2023 alone and a total of more than $4 million in rewards paid out by Samsung to security experts around the world to date, underscoring the crucial role of the program’s participants.

The Mobile Security Rewards Program is effective immediately. For additional information, including terms and conditions, please visit the Samsung Mobile Security page.

[1] Timing and availability of security maintenance releases for Samsung Galaxy devices may vary by market, network provider and/or model.