Two teams of insecurity experts have found more than 11 security bugs in the popular Samsung Galaxy 6S Edge.
Advertisement
The team at Google charged with looking for security risks may be called Project Zero, but its investigation into the Galaxy S6 Edge has revealed a much higher number of potential vulnerabilities.
Google describes the issues with Samsung’s device as “high-impact”, meaning they are quite serious indeed.
Google also found “five memory corruption issues” when using “Samsung-specific image processing”.
“We will give UDS as standard in mass segment devices which increases the standby time by 2X”, Manu Sharma, Director-Product Marketing, Samsung India Electronics said. Any available updates will be downloaded and installed (which requires a reboot), else you’ll receive a “the latest updates have already been installed” message.
The aim of the investigation was to see how hard finding bugs would be in a device running Android that wasn’t built by Google.
KitGuru Says: Google has been taking it on itself to try and make devices more secure.
According to Google’s Project Zero established in July 2014, Original Equipment Manufacturers (OEMs) use the Android Open-Source Project (AOSP) as the basis for mobile devices which they manufacture. Till date, Samsung has fixed eight vulnerabilities and has promised to fix the remaining ones in November. Owned by Google, the flaws could significantly weaken Android as a major Google’s operating system.
In a week, Google discovered 11 security issues that could potentially affect the Samsung device.
The last update of Android Lollipop proved to be a good one for Samsung as most of devices got the update facility quickly. Samsung wasn’t verifying the file path, however, which allows an attacker to write files to an unexpected system location.
The teams also found flaws in the Galaxy S6 software that permitted directory traversal, allowed users emails to be forwarded to another account, and five memory corruption issues in the way images are processed, three of which can be exploited by simply downloading a picture.
Advertisement
Do you think OEMs should do more to ensure the security of their users?
