Google’s Project Zero has found 11 high-impact security issues in the top-end Samsung Galaxy S6 edge smartphone. So far only 8 of these have been fixed. Google says the reason for carrying out this exercise was to see how easy or difficult it would be to spot bugs and security vulnerabilities in Android phones manufactured by OEMs.
Google says “OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers.”
Google’s team worked on gaining remote access to contacts, photos and messages; gaining access to the same via an app installed from Play with no permissions; and executing code across a device wipe.
According to Google, one of the bugs they discovered allowed for a downloaded file to be written as system. The blogpost notes, “when the file is unzipped in downloads, the API does not verify the file path and it can be written in unexpected locations.” This issue has been fixed. The other serious issue that Google discovered was with regard to Samsung’s email client where a ‘lack of authentication’ can grant access an unprivilege app access to emails. The app can even forward emails to another account, notes Google. This issue has also been fixed. Google also found “five memory corruption issues” when using “Samsung-specific image processing.” According to Google, the weak areas were “device drivers and media processing.” The image processing issue has not been fixed. Another issue, where an attacker can execute javascript embedded in mails also remains unpatched. Google says Samsung is promising to fix the remaining issues soon and that the high-severity issues were fixed via an OTA update within 90 days.
