Google’s Project Zero finds 11 vulnerabilities in Samsung’s Galaxy S6 Edge

Google reveals that there are 11 serious vulnerabilities in Samsung’s Galaxy S6 Edge.

Google’s Project Zero, a security research team that looks for zero-day vulnerabilities, recently turned its focus to the Galaxy S6 Edge, a product of Google partner Samsung.

Project Zero says it decided to look into the Samsung phone to see how Google’s own Android devices differ from Android devices made by original equipment manufacturers (OEMs).

Natalie Silvanovich, a researcher for Project Zero, wrote up the team’s process in a blog post. Project Zero studied the Samsung phone by splitting into teams and focusing on three main goals:

  1. Gain remote access to contacts, photos and messages. More points were given for attacks that don’t require user interaction and that require fewer device identifiers.
  2. Gain access to contacts, photos, geolocation, etc. from an application installed from Play with no permissions.
  3. Persist code execution across a device wipe, using the access gained in parts 1 or 2.

In the end, they discovered a path traversal issue, a permissions weakness, a script injection issue, 3 driver issues, and 5 image parsing issues.

Project Zero reported the vulnerabilities to Samsung, and all but 3 were patched in October. Google says that the 3 remaining vulnerabilities are less severe than the other 8, and are expected to be patched in November.

The researchers who made the discoveries are Mark Brand, James Forshaw, Matt Tait, Ben Hawkes, Ian Beer, Lee Campbell, and Natalie Silvanovich.