FB pixel

Samsung offers $1M bounty for ethical hackers to crack Knox Vault

Samsung offers $1M bounty for ethical hackers to crack Knox Vault
 

In a bold move aimed at bolstering its cybersecurity measures, Samsung Electronics is offering a $1 million payout to anyone who can successfully find and exploit security vulnerabilities in its Knox Vault processor and storage offering.

Building on the protection provided by TrustZone, Samsung’s Trusted Execution Environment (TEE) designed to safeguard sensitive information like passwords, biometrics, and cryptographic keys, Knox Vault offers an enhanced layer of security. Unlike TrustZone, which operates alongside Android on the main application processor, Knox Vault functions independently from the primary processor running the Android OS.

The announcement, made through Samsung’s official security portal, details a vulnerability that affects a range of its mobile devices. According to the information released, the security flaw could potentially allow unauthorized access to sensitive data or grant elevated permissions under specific conditions.

The $1 million bounty is being offered as part of Samsung’s expanded efforts to engage with the global cybersecurity community. The company is specifically interested in seeing a demonstration of the vulnerability being exploited in a controlled environment. To qualify for the bounty, participants must provide a detailed report and proof of concept, ensuring the exploit aligns with the parameters set by Samsung’s security team.

To earn the reward, those willing to attempt will need to demonstrate exploitation using a zero-click method to break into a Galaxy S or Z handset as a non-privileged user and obtain credentials. Hackers must also show that they can access credential-related data stored in Knox Vault.

The Galaxy S24 features under-display fingerprint biometric technology from Suprema and Qualcomm.

Samsung’s decision to offer such a substantial reward is part of a broader trend among tech companies that increasingly rely on bug bounty programs to uncover and address security vulnerabilities. These programs have proven to be effective in incentivizing researchers and ethical hackers to collaborate with companies in fortifying their systems.

Last year, similar to Samsung, Shufti Pro introduced a bug bounty program to enhance the security and reliability of its biometric identity verification software, and in 2022, Onfido also opened a bug bounty program for cybersecurity researchers and ethical hackers to help it improve its digital identity platform.

Related Posts

Article Topics

 |   |   | 

Latest Biometrics News

 

Karachi launches safe city project with live vehicle, facial recognition

Karachi has launched the first phase of its Safe City Project, with five poles equipped with 25 surveillance cameras. A…

 

Biometric payments project launched in Kazan, Russia

The authorities of the city of Kazan, a center of Russian petrochemical production, has officially launched biometric face payment via…

 

DPI is taking stage as India’s digital model is shaping global governance

Governments worldwide are increasingly prioritizing the development of robust Digital Public Infrastructure (DPI), in a shift that comes in response…

 

Comoros to implement digital govt program with $10M AfDB grant

The Union of the Comoros is set to execute a digital public infrastructure (DPI) project thanks to €9.51 million (US$10.4…

 

Malaysia pushes for stronger DPI governance

Malaysia has ambitions to become a digital hub for Southeast Asia but the country still has some way to go,…

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events