Bug Bounty Program

Samsung TV Bug Bounty

Samsung welcomes you to the Samsung TV Bug Bounty Program.
We are pleased to offer a monetary bounty for certain qualifying security bugs.

Every participant has to log a security bug in the Samsung TV
which thereafter will be validated and evaluated by our security experts.
Eligibility Criteria
Scope of the Program
  • Our Bug Bounty reward program scope includes:
    • Hardware / Software vulnerabilities on Samsung TV:
      • Models from years 2018 to 2020.
    • Vulnerabilities on Samsung TV software:
      • Smart Hub and core components (e.g. Web browser, AllShare, Media Player, etc.).
      • Samsung TV apps released by Samsung Electronics Co., Ltd..
      • Vulnerabilities on Samsung TV web infrastructures that directly support the operation of Samsung TV.
    • Note: we do not publish the list of web infrastructures that directly support the operation of Samsung TV.
  • We will not reward:
    • Non-security related bugs.
    • Vulnerabilities on any system / device / app / website not mentioned above.
    • Vulnerabilities on websites providing commercial, informational or support related contents (even if related to TV).
    • Vulnerabilities that have little or no impact (e.g. XSS that cannot lead to any exploit on a minor website).
    • Security bugs in third-party applications.
    • Security bugs in third-party websites integrated with Samsung.
Code of Conduct
  • Ethical Testing
      Your activities during vulnerability research should not threaten or impact the business, services or users of Samsung and our partners.
      By impact we mean affecting confidentiality, integrity or availability of devices, infrastructure and services.
      Please refrain from:
    • Accessing 3rd party accounts or data (please use test accounts).
    • Attempting denial of service attacks.
    • Using Spam, Phishing or other social engineering techniques.
  • More generally, please do not attempt any unethical or illegal activity during testing.
    We will not pursue legal action against security researchers who conduct testing in an ethical manner as specified above.
Rewards
Eligibility
  • Eligibility Requirements for a reward:
    • Issue must not already be known by Samsung (e.g. not already public, not already found by us during a pen test, not already reported by another user...).
    • Issue must have a significant impact.
Hall Of Fame
  • Participants who contributed in identifying security issues in the above defined scope will be mentioned on our Hall of Fame page.
    • Note: we do not give paper certificates, letters of recommendation, etc.
Monetary Reward
  • We will reward qualifying bugs depending on the maximum severity of the vulnerability and the priority of the target impacted.
  • We will provide higher reward scores for:
    • Reports on vulnerabilities regarding any TV security solution. (e.g remotely compromise verified boot, kernel).
    • Reports on vulnerabilities with detailed and specific information (e.g., proof of concept & source code, test case, patches).
Non-Monetary Rewards
  • You hereby acknowledge that the final decision to provide the reward and the amount of the reward is at Samsung’s sole and complete discretion.
    • Note: we do not provide rewards in the form of Samsung devices, swag, goodies, etc.
Turnaround Time
  • We will make commercially reasonable efforts to meet the following turnaround time :
    • Time to issue an initial response (from date of report submission) - 1 business day
    • Time to issue a triage (from date of report submission) - 10 business days