Samsung Electronics has announced a major enhancement to its Mobile Security Rewards Program, significantly increasing the maximum reward amount to $1 million for eligible security vulnerability reports. This move, which underscores the company’s ongoing commitment to cybersecurity, aims to foster greater collaboration with the global security community in identifying and addressing vulnerabilities in Samsung’s mobile ecosystem.
Originally launched in 2017, the Mobile Security Rewards Program has become a cornerstone of Samsung’s efforts to ensure the security of its devices, services, and user data. The expanded reward structure is part of Samsung’s broader strategy to stay ahead of increasingly sophisticated cyber threats, with the company actively encouraging researchers, ethical hackers, and cybersecurity experts to participate in uncovering potential risks.
The new $1 million reward is part of a specialized initiative called the Important Scenario Vulnerability Program, designed to address the most critical and high-impact vulnerabilities. These include issues such as arbitrary code execution on privileged system components, full device unlock, user data extraction, arbitrary app installations, and bypassing device protection mechanisms. By offering such a substantial reward, Samsung is signaling the importance it places on swiftly identifying and mitigating the most severe security threats before they can impact users.
“Our cybersecurity landscape is becoming increasingly complex, with attacks that are more difficult to detect and mitigate,” said Justin Choi, Corporate Vice President and Head of the Security Team at Samsung Electronics. “The security community plays a pivotal role in helping us identify these vulnerabilities early and address them effectively. We are proud to expand the rewards available to them, as their contributions are critical to ensuring the safety and privacy of our customers.”
In conjunction with the reward increase, Samsung has revamped its Mobile Security Risk Classification system. This updated framework now categorizes vulnerabilities with greater precision, offering clearer guidance on the severity of identified risks. The system divides vulnerabilities into five categories—Critical, High, Moderate, Low, and Ineligible—based on their security impact and the likelihood of exploitation.
In addition to these categories, the classification system includes new criteria such as downgrade factors, which allow the severity level to be lowered if certain conditions are met, and the Ineligible classification for low-impact vulnerabilities. This enhanced transparency aims to make the vulnerability reporting process more straightforward and to help researchers better understand how their submissions are evaluated.
“The updated Mobile Security Risk Classification provides a more detailed and publicly accessible system for evaluating vulnerabilities, offering security researchers a clearer understanding of how their findings align with our internal assessments,” said Choi.
The program covers all Samsung mobile devices currently receiving security updates, including those that get monthly, quarterly, and biannual patches. Additionally, it now includes Samsung’s broader ecosystem of services such as Samsung Wallet, Samsung Account, and Bixby, among others. This expansion ensures that Samsung’s entire mobile experience is continuously scrutinized for potential vulnerabilities.
As part of its ongoing commitment to transparency, Samsung also released its first-ever Annual Rewards Program Report in August 2024. The report highlights the success and impact of the program since its launch, including the awarding of over $800,000 to 113 researchers in 2023 alone. Since its inception, Samsung has paid out more than $4 million to security experts globally, demonstrating the program’s substantial role in strengthening the security of Samsung devices.
“The Mobile Security Rewards Program is a testament to our proactive approach to cybersecurity,” said Choi. “By partnering with the global security community, we continue to improve the security of our products and services, ensuring that our customers’ data is protected in an ever-changing threat landscape.”
Looking Ahead: A Continued Commitment to Security
The Mobile Security Rewards Program remains an essential component of Samsung’s broader security strategy, which includes a commitment to providing up to seven years of security updates for eligible mobile devices. The company’s focus on a collaborative, transparent, and proactive approach to mobile security reflects the growing importance of cybersecurity in today’s interconnected world.
Samsung’s increased rewards, expanded coverage, and enhanced risk classification system are part of its ongoing efforts to stay at the forefront of mobile security. The company continues to encourage ethical hackers, security researchers, and independent experts worldwide to join forces in identifying vulnerabilities and strengthening the security of Samsung devices.
For more information about the Mobile Security Rewards Program, including eligibility and submission guidelines, visit the Samsung Mobile Security page.