Samsung offers $1M bounty for ethical hackers to crack Knox Vault


In a bold move aimed at bolstering its cybersecurity measures, Samsung Electronics is offering a $1 million payout to anyone who can successfully find and exploit security vulnerabilities in its Knox Vault processor and storage offering.

Building on the protection provided by TrustZone, Samsung’s Trusted Execution Environment (TEE) designed to safeguard sensitive information like passwords, biometrics, and cryptographic keys, Knox Vault offers an enhanced layer of security. Unlike TrustZone, which operates alongside Android on the main application processor, Knox Vault functions independently from the primary processor running the Android OS.

The announcement, made through Samsung’s official security portal, details a vulnerability that affects a range of its mobile devices. According to the information released, the security flaw could potentially allow unauthorized access to sensitive data or grant elevated permissions under specific conditions.

The $1 million bounty is being offered as part of Samsung’s expanded efforts to engage with the global cybersecurity community. The company is specifically interested in seeing a demonstration of the vulnerability being exploited in a controlled environment. To qualify for the bounty, participants must provide a detailed report and proof of concept, ensuring the exploit aligns with the parameters set by Samsung’s security team.

To earn the reward, participants must demonstrate a zero-click exploit that breaks into a Galaxy S or Z handset as a non-privileged user and obtains credentials. Hackers must also show that they can access credential-related data stored in Knox Vault.

The Galaxy S24 features under-display fingerprint biometric technology from Suprema and Qualcomm.

Samsung’s decision to offer such a substantial reward is part of a broader trend among tech companies that increasingly rely on bug bounty programs to uncover and address security vulnerabilities. These programs have proven to be effective in incentivizing researchers and ethical hackers to collaborate with companies in fortifying their systems.

Last year, similar to Samsung, Shufti Pro introduced a bug bounty program to enhance the security and reliability of its biometric identity verification software, and in 2022, Onfido also opened a bug bounty program for cybersecurity researchers and ethical hackers to help it improve its digital identity platform.
