close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Post

Security Post

  • Announcement

    Annual Report in 2023 and New Announcements

    Jasper Park, Lead of PSIRT at Samsung Mobile Security 06 Aug 2024
    1. It has been more than 6 years since we officially launched Samsung Mobile Security Rewards Program, and today, we are finally releasing our first ever "Annual Report" for the Rewards Program.
    2. annual Report
    3. Although there have been many challenges and difficulties in running our Rewards Program, with the help of numerous security experts and communities around the world, it has been able to run our Rewards Program.
    4. The program was started with the goal of securing our products by receiving vulnerabilities that were not detected internally with external security communities' help. As we received more and more reports, and analyzed and rolled out patches for them, our products became securer and safer. Thanks to the assistance from our valuable researchers.
    6. After running the program for several years, the Biggest Lesson Learned is that Researchers are my dear and grateful friends who take their time to look at our products from various perspectives and help make them secure and safe.
    7. I sincerely appreciate your help, 감사합니다!
    9. With the help of our friends, our Rewards Program has continued to evolve, and as part of it, I will summarize a review of the program in 2023.
    Review of 2023
    1. Review of 2023
    2. Since starting our official Rewards Program in 2017, we have paid about $5 million. In 2023, we rewarded over $800,000 to 113 researchers.
      • Rewarded $827,925 to 113 researchers
      • The highest reward in one report was $57,190 by TASZK Security Labs.
      • The researcher with the highest total reward was also TASZK Security Labs.
      • The researcher with most reports was Oversecured Inc.
    4. Among all of dedicated my friends, there are two that deserve special appreciation.
      • TASZK Security Labs who helped us from long time ago was a researcher whose report received the highest single reward in 2023. There impressive researches helped secure our products against potential remote attacks. Although Exynos Baseband related reports became out of scope with our program and his reports involved chains with baseband, resulting in a reduction of the overall reward, it was still TASZK Security Labs who received the highest total payout in 2023.
      • Oversecured is one of our best friends, having submitted numerous valuable reports since their initial report with us back in 2021. In 2023, they reported the greatest number of valid reports. Their valuable researches have covered various targets including applications and frameworks, helping us towards securing diverse targets of and introducing novel types of vulnerabilities in our products. (they were also ranked as the top researcher who filed the most reports and received the highest total rewards in 2022.)
    7. We sincerely appreciate all of our friends who worked with us with the valuable findings. It was all thanks to your efforts that we were able to run this program and make our products and services more safe and secure to keep our customers from potential attacks.
    8. In order to collaborate better with our friends, we have continuously made efforts to listen to your voices. As a result, we have come to the conclusion that an update is required to work more closely with you and run a better Rewards Program.
    And we are now
    1. And we are now understanding the needed updates what we learned your voices of worries and complaints.
    2. We cannot emphasize enough how much we appreciate all the researchers for working with us and we hope to get greater interest from more security experts, researchers and Galaxy users.
    3. We fully understand that it may have become harder and harder to find vulnerabilities with the products, as we are working effortlessly for additional security features while releasing security patches as quickly as possible and as often as possible to keep our customers safer.
    4. So some may be discouraged to submit findings with a concern that it may be an inefficient research due to potentially low rewards compared to the efforts.
    5. And we also understood your concerns regarding the transparency of criteria and unpredictable reward amounts.
    6. Good news!
    7. We are very excited to announce the largest update we have ever done since releasing our Rewards Program.
    8. In order to encourage more researchers and users to participate in Samsung Mobile Security Rewards program, we have set new goals. Below is some of our initiatives to the find the best win-win path forward for Samsung and our friends as part of improving our program.
    As transparent as possible
    1. We have heard many voices stating difficulty in predicting the severity and reward amounts. So we are now sharing updates indicating clearer criteria of severity and factors used for rewards amount. And please also refer to the FAQ for most frequent inquiries and discussions.
    Don’t let your efforts go in vain
    1. We have tried to find ways to offer higher rewards for reports with high impact reports and high quality reports. And now we want to introduce our new Program and Bonus Rewards which provide extra reward and maximum amount covered by our program.
    2. Please refer to the Good Report Bonus and Important Scenario Vulnerability Program.
    AI Security
    1. We started a pilot rewards program for Samsung mobile AI Security.
    2. We hope to get your interest and active participation for Samsung Mobile AI Security. Since we are in early stage for this, working on setting up the policies for reports related to AI Security, your interests and researches will greatly help us to finalize our policies and standards.
    1. We want your continuous interest in Samsung Mobile Security Rewards Program. Stay tuned!
    2. We are preparing additional programs, announcements, and events within 2024.
    4. I would like to express my gratitude to my friends, our valuable security researchers.
    5. And I sincerely appreciate for the efforts of my team, PSIRT at Samsung Mobile Security.
  • Announcement

    Important Scenario Vulnerability Program

    Samsung Mobile Security 06 Aug 2024
    1. We started running a program for the reports which prove critical attack scenarios which have significant impact on our products. If you find any vulnerabilities related to Arbitrary Code Execution on highly privileged targets, Unlocking devices, Full User Data extractions, Arbitrary application installation or Bypass of device protection solution, you are able to receive up-to $1,000,000 which is the maximum amount covered by our program.
    Requirements
    1. To join our Important Scenario Vulnerability Program, report must demonstrate a successful attack targeting Important Scenarios. Report can receive the maximum reward amount when it fully satisfy all of the factors below.
      • Report should fully meets Good Report Bonus
      • Report should include buildable exploit which proves successful attack targeting one or many of defined Important Scenarios
      • Exploit should work consistently on the latest Security Update of latest Flagship devices (Galaxy S and Z series)
      • Exploit should be executed without privileges
    3. To join in the program, please add the prefix [ISVP] to the title when submitting your report through our rewards program.
    Important Scenarios
    Arbitrary code execution on privileged targets
    1. TargetLocal ACERemote ACE
      Knox Vault~ $ 300,000~ $ 1,000,000
      TEEGRIS OS~ $ 200,000~ $ 400,000
      Rich OS~ $ 150,000~ $ 300,000
    2. ※ Full rewards for Knox Vault should meet all the requirements, and demonstrate accessing credential related data stored in Knox Vault.
      ※ Targeting TEEGRIS OS doesn’t include vulnerabilities of Trustlets. This target refers to Secure OS itself.
      ※ Rewards for targeting Rich OS depends on the escalated privileges and the functionality by ACE.
      ※ Full rewards for each targets should provide 0-click exploit with persistence.
    Device Unlock & Full User Data Extraction
    1. TargetAfter first unlockBefore first unlock
      Device Unlock
      + Full User Data Extraction      		~ $ 200,000~ $ 400,000
    2. ※ We will provide partial rewards for exploits which prove partial success of this target.
    Arbitrary Application Install
    1. TargetLocalRemote
      Application from Galaxy Store~ $ 30,000~ $ 60,000
      Arbitrary applications~ $ 50,000~ $ 100,000
    2. ※ Arbitrary application is an application from unofficial market place or attacker’s server.
    Bypass of Device Protection Solution
    1. TargetBypass
      Auto Blocker~ $ 100,000
    2. ※ Full rewards will be paid for exploits which prove fully bypassing Auto Blocker with persistence.
      ※ Targets for Bypass of Device Protection Solution will be updated irregularly.
  • Announcement

    Bonus Rewards

    Samsung Mobile Security 06 Aug 2024
    1. We offer bonus rewards for your valuable reports, if they qualify our expectations which greatly help us for working on the vulnerabilities.
    Good Report Bonus
    1. All reports should include the following mandatory items in order to be determined eligible.
      • Version information of affected products
      • Description of vulnerability, it should properly explain the practical security impact
      • Detailed steps to reproduce the report (if needed, including video, image and other ways)
    3. High quality report helps us for analyzing and understanding the vulnerability better, and this reduces the time for releasing patch to make users safe.
    4. After trying to find ways to offer higher rewards for reports with high impact reports and high quality reports, we are offering extra rewards for well-written reports with Good Report Bonus.
    5. It is recommended to submit high quality report.
    6. The more items report includes from the list below, the larger amount of Good Report Bonus will be paid out.
      • We are offering currently Good Report Bonus only for reports related to Android
      • Clear and detailed information for mandatory items
      • Root cause analysis and suggestion for remedy which clearly proves the impact
      • Providing buildable Proof of Concepts(PoC) which clearly demonstrates the vulnerability and outputs from the PoC
        ※ Bonus vary depending on how much has been proven by the PoC. If the PoC proves not only simple crash or error, but a practical security impact on the device, you may get higher bonus.
    8. If reports fully meet the conditions, you will receive Good Report Bonus equal to the original reward, resulting in a total payout of twice the reward.
    9. We are constantly researching to find new factors to provide more rewards for important vulnerabilities discovered by your valuable researches and efforts.
    10. We hope you continue to show your interest and participate in our program.
  • Announcement

    Announcing up to five (5) years support for Samsung Security Updates on select Galaxy devices

    Samsung Mobile Security 10 Feb 2022
    As part of our continued commitment to delivering the most up-to-date and secure mobile experience possible, select Galaxy devices within the Galaxy S Series, Z Series, A Series, tablets and Galaxy Watches will now receive up to five years of security updates.

    Eligible Galaxy devices with five years of security updates1 include:

    • - Galaxy S Series: Galaxy S22, S22+, S22 Ultra as well as Galaxy S21, S21+, S21 Ultra, S21 FE and upcoming S series devices
    • - Galaxy Z Series: Galaxy Z Fold3, Galaxy Z Flip3 and upcoming Z series devices
    • - Galaxy A Series: upcoming select A series devices
    • - Galaxy Tablets: Galaxy Tab S8, S8+, S8 Ultra and upcoming Tab S series devices
    • - Galaxy Watch: Galaxy Watch4, Galaxy Watch4 Classic and upcoming Galaxy Watch series devices

    For more information, please visit here.

    1 Availability of security update support may vary by device and market. Security update availability will depend on factors including but not limited to complexity of the update, hardware specifications, as well as chipset vendor and 3rd party’s support.
  • Announcement

    Announcing minimum four (4) years support for Samsung Security Updates

    Samsung Mobile Security 22 Feb 2021
    As part of our continued commitment to ensure timely protection from security vulnerabilities, Galaxy products launched since 2019, including the Z, S, Note, A, M, XCover and Tab series, will now receive at least four years of security updates delivered on a monthly, quarterly or biannual basis1.

    Eligible Galaxy devices include:

    • - Galaxy Foldable devices: Fold, Fold 5G, Z Fold2, Z Fold2 5G, Z Flip, Z Flip 5G
    • - Galaxy S series: S10, S10+, S10e, S10 5G, S10 Lite, S20, S20 5G, S20+, S20+ 5G, S20 Ultra, S20 Ultra 5G, S20 FE, S20 FE 5G, S21 5G, S21+ 5G, S21 Ultra 5G
    • - Galaxy Note series: Note10, Note10 5G, Note10+, Note10+ 5G, Note10 Lite, Note20, Note20 5G, Note20 Ultra, Note20 Ultra 5G
    • - Galaxy A series: A10, A10e, A10s, A20, A20s, A30, A30s, A40, A50, A50s, A60, A70, A70s, A80, A90 5G, A11, A21, A21s, A31, A41, A51, A51 5G, A71, A71 5G, A02s, A12, A32 5G, A42 5G
    • - Galaxy M series: M10s, M20, M30, M30s, M40, M11, M12, M21, M31, M31s, M51
    • - Galaxy XCover series: XCover4s, XCover FieldPro, XCover Pro
    • - Galaxy Tab series: Tab Active Pro, Tab Active3, Tab A 8 (2019), Tab A with S Pen, Tab A 8.4 (2020), Tab A7, Tab S5e, Tab S6, Tab S6 5G, Tab S6 Lite, Tab S7, Tab S7+

    For more information, please visit here.

    1 Availability of security update support may vary by device and market. Security update availability will depend on factors including but not limited to complexity of the update, hardware specifications, as well as chipset vendor and 3rd party’s support.
No Contents.
Archive