back to article Samsung boosts bug bounty to a cool million for cracks of the Knox Vault subsystem

Samsung has dangled its first $1 million bug bounty for anyone who successfully compromises Knox Vault – the isolated subsystem the Korean giant bakes into its smartphones to store info like credentials and run authentication routines. Samsung's not made it easy to become a bug-blasting millionaire. Scoring the cash requires …

  1. mikus

    Maybe they should hire/acquire Cellbrite?

    Considering it took Israeli Cellbrite, the worlds favorite mobile malware vendor for government agencies, 40 minutes to unlock the Trump assassin's Samsung phone for the Secret Service, Samsung is obviously not paying the right people enough where other more nefarious suitors are more than willing.

    1. Anonymous Coward
      Anonymous Coward

      Re: Maybe they should hire/acquire Cellbrite?

      I would expect that that access was gained with the device spread out on a top-tier test bench with probes connected to ALL OF THE EVARYTHING, not a zero-click remote access exploit.

  2. An_Old_Dog Silver badge
    Black Helicopters

    The Devil is in the Details

    1. Precisely how this Fort Knox circuitry "isolated"? Logically, it cannot both be truly isolated and effectively-functional, since some communications channel is required through which to receive secrets to be stored, to send secrets when presented with a correct key, to receive keys, and possibly to send information as part of a handshake protocol.

    2. There are persistent rumors/myths/urban legends/&c. that the physical Fort Knox (technically, the "United States Bullion Depository") is an empty building, kept in-commission merely for appearance' sake. Samsung's electronic Fort Knox may be a similar red herring.

    3. "If you wish to kill the general, you first must shoot his horse." Were I attempting this, !'d try social-engineering in an engineering change order defining a new machine-specific, write-only register which upon receipt of a particular bit-pattern, enabled kernel-mode access for the current process.

    (Icon for Fort Knox conspiracy theories.)

    1. ThatOne Silver badge
      Devil

      Re: The Devil is in the Details

      > It's an isolated processor and storage enclave

      ...but there is a hardcoded developer backdoor with the developer's mother's birthday as a password. There always is.

  3. Tron Silver badge

    The biggest vulnerability at Microsoft...

    ... is the danger of someone firing a missile at their HQ after they have released a Windows update, but before they have fixed it.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like