Study: Apple pays 5x more per exposed vulnerability than Samsung
A bug bounty program is a reward offered for discovering and reporting a bug in a software product. Many tech companies provide bug bounties to encourage product enhancement and increase connection with end-users or clients.
According to the data compiled by the Atlas VPN team, Apple pays five times more for exposing a vulnerability than Samsung. Exploits that allow hackers to perform network attacks without user interaction are usually worth the most in bug bounty programs.
The data is based on publicly available information on how much the most significant phone and other electronics manufacturing companies pay for found vulnerabilities in their devices.
Apple pays from $100K to $1 million to researchers who find exploits in their devices. Our report from earlier in the year found that vulnerabilities in Apple products surged by over 450%. Significant bounty payments can motivate more security researchers to search for vulnerabilities in Apple devices.
Huawei’s bug bounty program offers payouts from $200 to $223K for found vulnerabilities in their devices. The company gives out rewards for exploits found in their AppGallery, cloud services, or the phones themselves. Severe vulnerabilities in Huawei phones can earn researchers the most money.
Samsung’s bug bounty program rewards researchers between $200 and $200K for qualified exploits. The amount is determined by the severity level, vulnerability report quality, affected scope, and the difficulty of attacks.
Xiaomi bounty payments range from $800 to $13K for found vulnerabilities. The company also has a special Hacker Leaderboard reward, which goes to the hacker who has earned the most bounty on Xiaomi’s program.
The bug bounty programs of OnePlus and Oppo, both owned by BBK Electronics, can reward researchers with up to $7K and $4K, respectively. The LG bug bounty program offers compensation of up to $4.2K based on the severity of the security vulnerability.
Stay away from vulnerabilities
Companies can avoid many cyberattacks by taking a proactive approach to the most common cyber vulnerabilities and security misconfigurations. Here are a few tips to help you prevent vulnerability threats.
Ensure that your device's operating system and applications are updated to the newest version. Cybercriminals specifically target outdated systems as they have unpatched vulnerabilities, which threat actors could use to launch attacks.
Follow good cybersecurity practices such as not opening suspicious links or attached files in emails. Businesses must also manage identification and access, for example, by granting people access only to the documents they require rather than having an open system. That way, if a cyberattack disrupts part of the company's service, the rest of it remains unaffected.