Samsung Galaxy S6 Edge Security Flaws Uncovered In Google Project Zero Audit

The Samsung Galaxy S6 Edge is one of the South Korean giant's flagship handsets for 2015, but that doesn't mean it is free from vulnerabilities. Recently, it was reported that the device is home to no fewer than 11 security flaws.

The flaws were uncovered by Google's Project Zero, a program designed to look into devices made by OEMs to see if they are riddled with security flaws. This is the first time Google has turned to one of its own, after the team made headlines in the past for finding issues with Windows and OS X.

"Having done some previous research on Google-made Nexus devices running AOSP, we wanted to see how different attacking an OEM device would be," Google explained on the Project Zero blog.

The most serious issue Google came across in the customized Android software on the Galaxy S6 Edge was in Samsung's own WifiHs20UtilityService. This is a service that scans for zip files on the SD card and unzips them. The service uses an API to unzip the file but fails to verify the file path, which allows the file to be written to an unexpected location.
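The missing path check described above, shown as an added Java example (not code from Samsung or Project Zero). The class name `SafeUnzip`, its method names and the sample entry names are hypothetical and constructed for illustration.

```java
import java.io.*;
import java.nio.file.Files;
import java.util.zip.*;

// Added illustration: SafeUnzip and its methods are hypothetical names, not Samsung's code.
public class SafeUnzip {
    // Extracts into destDir, rejecting any entry whose resolved path leaves that directory.
    static int extract(InputStream zipData, File destDir) throws IOException {
        String root = destDir.getCanonicalPath() + File.separator;
        int written = 0;
        try (ZipInputStream zin = new ZipInputStream(zipData)) {
            for (ZipEntry e; (e = zin.getNextEntry()) != null; ) {
                // Unsafe pattern: writing to new File(destDir, e.getName()) unchecked,
                // so a name containing "../" resolves outside destDir.
                File target = new File(destDir, e.getName()).getCanonicalFile();
                if (!target.getPath().startsWith(root)) {
                    throw new IOException("entry escapes target dir: " + e.getName());
                }
                if (e.isDirectory()) { target.mkdirs(); continue; }
                target.getParentFile().mkdirs();
                try (OutputStream out = new FileOutputStream(target)) {
                    byte[] buf = new byte[8192];
                    for (int n; (n = zin.read(buf)) != -1; ) out.write(buf, 0, n);
                }
                written++;
            }
        }
        return written;
    }

    // Constructed sample archive holding a single entry with the given name.
    static byte[] zipWith(String name) throws IOException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zout = new ZipOutputStream(buf)) {
            zout.putNextEntry(new ZipEntry(name));
            zout.write("sample".getBytes("UTF-8"));
            zout.closeEntry();
        }
        return buf.toByteArray();
    }

    public static void main(String[] args) throws IOException {
        File dest = Files.createTempDirectory("unzip-demo").toFile();
        System.out.println(extract(new ByteArrayInputStream(zipWith("conf/a.txt")), dest));
        try {
            extract(new ByteArrayInputStream(zipWith("../outside.txt")), dest);
        } catch (IOException ex) {
            System.out.println("rejected: " + ex.getMessage());
        }
    }
}
```

Comparing canonical paths rather than inspecting the raw entry name also catches absolute names and nested `..` segments.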

Another issue concerns the Samsung email client. It suffers from a script injection issue that could allow third parties to remotely access the device, something that could increase attacks on the email client.

Overall, the Google Project Zero team found 11 severe bugs and has already reported them to Samsung in hopes of a speedy fix. So far, Samsung has fixed eight issues in an October update, leaving three in the air.

Samsung has not stated exactly when users should expect the remaining three security flaws to be fixed, but the company did say it would be before the end of this month, so it shouldn't be very long now.

After the Galaxy S6 Edge, Google's Project Zero will most certainly set its sights on other Android OEMs in the future to ensure users are safe.

Photo: Kārlis Dambrāns | Flickr
