close

Samsung Mobile Security and Cookies

Our site uses essential cookies only. You can read our Privacy Policy and Cookie Policy for more information.

close

Samsung Mobile Security
Cookie Policy

Updated on Jan 17, 2022

This Cookie Policy describes the different types of cookies that may be used in connection with Samsung Mobile Security website which is owned and controlled by Samsung Electronics Co., Ltd (“Samsung Electronics”). This Cookie Policy also describes how you can manage cookies.

It’s important that you check back often for updates to the Policy as we may change it from time to time to reflect changes to our use of cookies. Please check the date at the top of this page to see when this Policy was last revised. Any changes to this Policy will become effective when we make the revised Policy available on our website.

Samsung Electronics has offices across Europe, so we can ensure that your request or query will be handled by the data protection team based in your region. If you have any questions, the easiest way to contact us is through our Privacy Support Page at https://www.samsung.com/request-desk.

You can also contact us at:

European Data Protection Officer
Samsung Electronics (UK) Limited
Samsung House, 2000 Hillswood Drive, Chertsey, Surrey KT16 0RS

Cookies

Cookies are small files that store information on your computer, TV, mobile phone, or other device. They enable the entity that put the cookie on your device to recognize you across different websites, services, devices, and/or browsing sessions.

We use the following types of cookies on this website:

Essential Cookies: enable you to receive the services you request via our website. Without these cookies, services that you have asked for cannot be provided. For example, these enable to identify users and provide proper service for each user. These cookies are automatically enabled and cannot be turned off because they are essential to enable you to browse our website. Without these cookies this Samsung Mobile Security website could not be provided.

Cookie Domain Purpose
JSESSIONID security.samsungmobile.com to keep login session
lastActivityTime security.samsungmobile.com to save the user's last activity time to automatically logout after 30 minutes of inactivity

Managing Cookies and Other Technologies

You can also update your browser settings at any time, if you want to remove or block cookies from your device (consult your browser's "help" menu to learn how to remove or block cookies). Samsung Electronics is not responsible for your browser settings. You can find good and simple instructions on how to manage cookies on the different types of web browsers at http://www.allaboutcookies.org.

Go straight to the menu Go straight to the text
Home>Security Post

Security Post

Announcement
Prev Next

Important Scenario Vulnerability Program

Samsung Mobile Security 06 Aug 2024
  1. We started running a program for the reports which prove critical attack scenarios which have significant impact on our products. If you find any vulnerabilities related to Arbitrary Code Execution on highly privileged targets, Unlocking devices, Full User Data extractions, Arbitrary application installation or Bypass of device protection solution, you are able to receive up-to $1,000,000 which is the maximum amount covered by our program.
Requirements
  1. To join our Important Scenario Vulnerability Program, report must demonstrate a successful attack targeting Important Scenarios. Report can receive the maximum reward amount when it fully satisfy all of the factors below.
    • Report should fully meets Good Report Bonus
    • Report should include buildable exploit which proves successful attack targeting one or many of defined Important Scenarios
    • Exploit should work consistently on the latest Security Update of latest Flagship devices (Galaxy S and Z series)
    • Exploit should be executed without privileges
  3. To join in the program, please add the prefix [ISVP] to the title when submitting your report through our rewards program.
Important Scenarios
Arbitrary code execution on privileged targets
  1. TargetLocal ACERemote ACE
    Knox Vault~ $ 300,000~ $ 1,000,000
    TEEGRIS OS~ $ 200,000~ $ 400,000
    Rich OS~ $ 150,000~ $ 300,000
  2. ※ Full rewards for Knox Vault should meet all the requirements, and demonstrate accessing credential related data stored in Knox Vault.
    ※ Targeting TEEGRIS OS doesn’t include vulnerabilities of Trustlets. This target refers to Secure OS itself.
    ※ Rewards for targeting Rich OS depends on the escalated privileges and the functionality by ACE.
    ※ Full rewards for each targets should provide 0-click exploit with persistence.
Device Unlock & Full User Data Extraction
  1. TargetAfter first unlockBefore first unlock
    Device Unlock
    + Full User Data Extraction    		~ $ 200,000~ $ 400,000
  2. ※ We will provide partial rewards for exploits which prove partial success of this target.
Arbitrary Application Install
  1. TargetLocalRemote
    Application from Galaxy Store~ $ 30,000~ $ 60,000
    Arbitrary applications~ $ 50,000~ $ 100,000
  2. ※ Arbitrary application is an application from unofficial market place or attacker’s server.
Bypass of Device Protection Solution
  1. TargetBypass
    Auto Blocker~ $ 100,000
  2. ※ Full rewards will be paid for exploits which prove fully bypassing Auto Blocker with persistence.
    ※ Targets for Bypass of Device Protection Solution will be updated irregularly.
Recently Post
  • Announcement
    Annual Report in 2023 and New Announcements

    06 Aug 2024

  • Announcement
    Important Scenario Vulnerability Program

    06 Aug 2024

  • Announcement
    Bonus Rewards

    06 Aug 2024

  • Notice
    Site Maintenance Notice

    17 May 2024

  • FAQ
    I don’t want to use your system for reporting my finding.

    16 May 2024

Categories
Archive