Samsung takes its security pretty seriously, and it has now turned that into a challenge: it has asked hackers to come test its defences. For this, it has put up a Rs 8,39,60,550 (converted from USD) bounty. The program has been launched to fortify Knox Vault, a critical security feature in its Galaxy S and Z series smartphones.
The reward was announced on August 6. It targets vulnerabilities that allow for remote, zero-click attacks on Knox Vault. The Knox Vault stores sensitive credentials and other secure data. This program specifically looks for remote exploits that require no user interaction.
Companies mostly run these bug bounty initiatives because they have been pretty successful in the past. In 2023, the South Korean tech giant paid out $827,925 to 113 researchers, with individual rewards reaching up to $57,190. However, this new $1 million offer is bigger than any previous bounty.
If you wish to claim the bounty of over 8 crores, then you must deliver a report demonstrating a successful remote, zero-click exploit against Knox Vault. The report must meet several criteria: it must be a buildable exploit that works with the latest security updates, and it must execute without requiring additional privileges. Successful submissions must also show access to credential-related data within Knox Vault.
If you are interested in this program, you can submit your findings through Samsung’s official report ticketing system. Email submissions will not qualify for the reward. Participants will also need a Samsung Account to submit their reports.
Let’s see if there are hackers out there who can get past Samsung’s Knox Vault and take home the bounty prize.