Enhanced program emphasizes Samsung\u2019s commitment to user protection with increased rewards of up to $1 million for reporting threats, as well as clearer risk classifications and a more structured process<\/h3>\n
![\"\"](\"https:\/\/img.global.news.samsung.com\/uk\/wp-content\/uploads\/2024\/11\/Samsung-Mobile-Security-1024x683.jpg\")
<\/p>\n
LONDON, U.K. \u2013 November 21, 2024 \u2013 <\/strong>Samsung Electronics Co., Ltd announced the enhancement of its Mobile Security Rewards Program, increasing the maximum reward amount to $1 million<\/strong> for eligible security vulnerability reports received from the external security community. This is part of Samsung\u2019s ongoing efforts to foster transparency and increased collaboration in mobile security, with the criteria of the programme laid out in the Samsung Mobile Security Risk Classification\u00a0<\/a><\/span>which now includes additional classification factors.<\/p>\n \u00a0<\/p>\n Alongside this, Samsung has also published its first security-focused Annual Rewards Programme Report, showcasing the most significant highlights since the project\u2019s launch and emphasising the crucial role of the programme\u2019s participants. The Mobile Security Rewards Programme complements Samsung\u2019s current offering of up to seven years of <\/strong>security updates<\/strong><\/a><\/span>[1]<\/sup><\/span><\/span><\/a>, highlighting the company\u2019s commitment to user device security.<\/p>\n \u00a0<\/p>\n \u201cWith cybersecurity attacks becoming increasingly intelligent and more challenging to identify, we actively encourage participation from the security community in finding these threats,\u201d said Justin Choi, Corporate VP & Head of Security Team, Mobile eXperience Business at Samsung Electronics. \u201cTheir support helps us to ensure our products are continuously monitored for potential vulnerabilities, enabling us to constantly enhance the protection of our customers\u2019 devices. It is critically important that this protection is provided and that user data and information are safeguarded, which is why we prioritise security throughout all our products and services.\u201d<\/p>\n \u00a0<\/p>\n Originally launched in 2017, the programme embodies Samsung\u2019s commitment to openness and a collective approach to enhancing mobile security. By collaborating with a wide range of global experts \u2014 including cybersecurity researchers, ethical hackers and independent security professionals \u2014 the programme follows a strategic, systematic and proactive strategy to identify and address vulnerabilities, reinforcing the security of users\u2019 mobile experiences.<\/p>\n \u00a0<\/p>\n The maximum reward of $1 million is part of the newly introduced <\/strong>Important Scenario Vulnerability Program<\/strong><\/a><\/span>me<\/strong><\/span><\/a>. This initiative focuses on the most severe attack scenarios and vulnerabilities, including arbitrary code execution on highly privileged targets; device unlock and full user data extraction; arbitrary application installations; and bypass of device protection solutions. Partnering with the security community not only reinforces Samsung\u2019s dedication toward a transparent, collaborative framework that continuously adapts to emerging risks, but also speeds up the detection and resolution<\/a><\/span> of these potential critical threats.<\/p>\n \u00a0<\/p>\n \u00a0<\/p>\n Samsung Mobile Security Risk Classification<\/a><\/span> now offers a more detailed and publicly accessible system for categorising vulnerabilities, incorporating new considerations such as downgrade factors, which allow a threat\u2019s severity level to be lowered, and an ineligible classification, for threats determined to pose minimal security concerns. The system assigns severity levels based on security risk and impact across five categories: Critical, High, Moderate, Low, and Ineligible or Less-Than-Low Security Impact. This comprehensive approach provides clear guidance for both participants and the broader security community, offering a more structured framework for vulnerability reporting. Additionally, it outlines the conditions affecting the reward qualification and amount<\/a><\/span>.<\/p>\n \u00a0<\/p>\n The programme covers all of Samsung\u2019s mobile devices currently receiving monthly, quarterly and biannual security updates. In addition, the programme will reward eligible submissions for potential vulnerabilities in the latest Samsung Galaxy services, including Bixby, Samsung Account and Samsung Wallet, among others.<\/p>\n \u00a0<\/p>\n \u00a0<\/p>\n In August 2024, Samsung published its first security-focused Annual Rewards Programme Report<\/a><\/span>, summarising the most significant highlights since the project\u2019s launch in 2017. Highlights include the awarding of over $800,000 to 113 researchers in 2023 alone and a total of more than $4 million in rewards paid out by Samsung to security experts around the world to date, underscoring the crucial role of the program\u2019s participants.<\/p>\n \u00a0<\/p>\n The Mobile Security Rewards Program is effective immediately. For additional information, including terms and conditions, please visit the Samsung Mobile Security<\/a><\/span> page.<\/p>\n \u00a0<\/p>\nIncreased Transparency of Rewards Programme Criteria<\/strong><\/h3>\n
Samsung Releases Inaugural Program Report<\/strong><\/h3>\n