Eleven ‘high-impact security issues’ in Samsung Galaxy S6 Edge
One bug was found in the email client that “can send a series of intents that causes the user’s emails to be forwarded to another account”.
All of the discovered issues were reported to Samsung, which fixed them before Google’s typical 90-day disclosure deadline, except for three that have lower severity and remain unpatched.
“Overall, we found a substantial number of high-severity issues, though there were a few effective security measures on the device which slowed us down”, Project Zero says. “The majority of these issues were fixed on the device we tested via an OTA [over the air] update within 90 days.”
Luckily, the Korean tech giant was quick to react and pushed out fixes for 8 of the 11 issues, with the other 3 scheduled to be fixed later this month.
Project Zero has previously poked about in Windows and OS X looking for bugs, but recently turned its attention to the Galaxy S6 Edge.
The weakest areas of the Samsung Galaxy S6 Edge were device drivers and media processing, with the team finding as many as three driver issues. Stagefright was a hole in most Android phones that allowed devices to be taken over simply by receiving a text message. After a week of hacking the Samsung, Project Zero had identified 11 serious flaws in its software.
Recent revelations of two versions of the Android “Stagefright” bug, as well as various bugs in Samsung’s devices, have dented confidence in the security of Android.
In fact, the global Business Times reports that Samsung already has the beta edition of Android 6.0 ready, and it will be made available to general users once testing is complete.
“Each team worked on three challenges, which we feel are representative of the security boundaries of Android that are typically attacked”, Google wrote.
Details of the remaining bugs can be found on Project Zero’s blog and its database of closed flaws.
Google calls the companies whose smartphones use its software, including Samsung, LG and Motorola, Original Equipment Manufacturers, or OEMs. By OEM we mean a manufacturer that makes phones based on the Android Open-Source Project (AOSP).