South Korean handset major Samsung is the king when it comes to rolling out regular software updates for its smartphone line. In February, Samsung announced that it would provide five years of security updates for select Galaxy devices, and now the company says it is open to providing security updates beyond the current promised time of five years.


"We provide four years of security updates for our older Galaxy models and we provide five years of security updates for our latest models. As you know, we have a large number of models under our coverage and we offer a minimum of five years of updates for billions of devices. So, that is the default number of years that we provide our security update. However, if there are any significant OS or security updates then we could offer that beyond the five years period as well," Dr. Seungwon Shin, VP & Head of Security, Samsung Electronic told ABP Live during a virtual round-table with select media.


Samsung's timely updates and its defence-grade, hardware-based security platform "Knox" renders the flagship Samsung Galaxy devices protection against potential security threats. Samsung's proprietary security platform Knox secures sensitive user information, including passwords and PINs in one place. The platform started off as an enterprise security solution and evolved into a holistic defence-grade security platform for consumers and businesses alike.


Biggest vulnerability detected by Knox to date is voice phishing attacks


According to Dr. Shin, the biggest security flaw that Knox has ever detected and blocked to date is voice phishing attacks. In the company's home turf, voice phishing attacks are common and Samsung on various occasions has automatically identified and blocked such attempts. Samsung, along with the National Police Agency of Korea has developed an app that proactively predicts and blocks potential voice phishing attacks.


What is Samsung bug bounty programme? 


Samsung pays researchers between $200 and $200K for qualified exploits on its bug bounty programme, according to a study conducted by Atlas VPN. The South Korean tech giant says that it rewards qualified future vulnerabilities through the bug bounty programme too.  


"With the bug bounty programme, we can capture any potential mistakes based on the feedback we receive from the outsiders, and we basically reward not just tangible vulnerabilities, but also any potential or future vulnerabilities and attacks, and we launch patches accordingly. This allows us to proactively respond to any future vulnerabilities," Dr. Shin noted.