Samsung is on the lookout for bug bounty hunters. The mobile division of the tech giant is the latest major vendor to start up a bug bounty program, offering rewards of up to $200,000 for researchers who are able to offer fixes.
The bounty – ranging from $20,000 to $200,000 – applies only to new devices. A total of 38 mobile devices launched since 2016 are on the list, including the Galaxy S, Note, A, J, and Tab series, and the top-of-the-line S8, S8+, and Note 8. Samsung is also eager for engineers to pry open its branded services like voice-assistant Bixby and its Pay service. All applications signed by Samsung Mobile and third-party packages are also up for grabs. (Only currently active services and fully updated applications are eligible, and third-party app vulnerabilities have to be Samsung-specific.)
Debugger-level attacks (which demand physical access and/or jailbroken devices) are excluded, as are low-probability attacks, phishing or clickjacking. In order to qualify for the bounty, the attacker has to submit their exploit as well as the bug report.
Samsung is not alone in offering huge sums for bug fixes. Earlier this year, Microsoft launched its new Windows Bounty Program. Microsoft has previously paid out $100,000 for Windows 8.1 bugs, and this new scheme will see the software giant pay out far more for serious Hyper-V flaws in Windows 10 or Windows Server operating systems.
Microsoft will now reportedly pay up to $250,000 for fixes to severe Hyper-V vulnerabilities, and security bugs in Microsoft Edge or Windows 10 preview builds will fetch up to $15,000. “Security is always changing and we prioritize different types of vulnerabilities at different points in time,” a Microsoft spokesperson said. “Microsoft strongly believes in the value of the bug bounties, and we trust that it serves to enhance our security capabilities.”