On Monday, Google's Project Zero hackers revealed major flaws in the Android-powered Samsung Galaxy S6 Edge.
"The majority of Android devices are not made by Google, but by external companies known as Original Equipment Manufacturers or OEMs which use the Android Open-Source Project (AOSP) as the basis for mobile devices which they manufacture. OEMs are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers", explained Project Zero member Natalie Silvanovich. "We chose the Samsung Galaxy S6 Edge, as it is a recent high-end device with a large number of users". The researchers took one week to try to hack the device, and their results were unsettling.
In a blog post on Monday, the Project Zero team revealed that it found a total of "11 high-impact security issues" when investigating Samsung's popular smartphone. These include three driver issues, two issues with the Samsung email client, five memory corruption issues in Samsung-specific image processing, and more. The researchers reported these vulnerabilities to Samsung, and all but three have been patched in the October Maintenance Release. The three remaining vulnerabilities are classified as lower-severity issues and will be patched in November. It is promising that Samsung has taken the vulnerabilities seriously, patching the high-impact issues swiftly, but it is worrisome that Google's team of elite hackers was able to find so many bugs in the popular smartphone in just a week's time.