Thursday, 12 November 2015

Google Uncovers 11 Serious Security Flaws within the Samsung Galaxy S6 Edge

Samsung

Google Discovered 11 Serious Security Problems – Samsung’s Galaxy S6


Google has discovered 11 serious security problems in Samsung’s Galaxy S6 smartphone in a sequence of severe test intended to clear the vulnerabilities in handsets. The company had set its security analyst team Project Zero with the challenge to seek out bugs in the Galaxy S6 Edge running an open source version of Google’s Android software called Android Open-Source Project – AOSP, to see how quickly Samsung patched the issue.

Google calls the companies, Original Equipment Manufacturers or OEMs, whose smartphones use its software that include Samsung, LG and Motorola. The researcher of Project Zero, Natalie Silvanovich, wrote in a Google blogpost that, `OEMs are an important area for Android security research since they introduce additional and possibly vulnerable code in Android devices at all privilege levels and they decide the frequency of the security updates which they provide for their devices to carriers’.

Project Zero researchers that were based in Europe and North America, identified within a week, 11 possibly severe security issues in the device especially surrounding media processing and device drivers. They reported the susceptibilities to Samsung specified that eight of the 11 were fixed in their October Maintenance Release while the remaining three which had been marked as lower-severity would be fixed throughout November.

Project Zero – Seeking Bugs in Software


Mr Silvanovich added that it is promising that the highest severity issues were fixed and updated on-devices in a reasonable time frame’. Samsung Galaxy S6 Edge had been released together with its non-curved equivalent the Galaxy S6 in April.

 It was launched as Samsung’s flagship handsets to contend against iPhone 6 and 6 Plus which was released the previous September and these two smartphones faced disappointing sales with Samsung’s profit fell by 8% in July. Recently, it’s most recent version of Android 6.0; Marshmallow had been issued by Google.

Google Nexus 5, 6, 7 and 9 smartphones together with LG’s G4 now are capable of running it while the other manufacturers Samsung, HTC as well as Sony are likely to update their devices in the following weeks. Project Zero has been running for some time now by Google with the task of seeking out bugs in software, alerting the software makers and then reporting the public if nothing is fixed in an attempt to force something to be done.

Internal Contest between Two Teams of Google’s Project Zero Security Teams


Earlier, Google had taken on Windows and OS X with Project Zero bugs, however now it is Samsung in the firing line for 11 serious faults with the Galaxy S6 Edge. The issues with Samsung’s device as high impact have been described by Google, which means that they tend to be quite serious.

The faults comprise of script injections, driver issues, image parsing issues, permission weaknesses as well as a directory traversal bug that enables a file to be written in unexpected settings. Project Zero blog post of Google tends to go in-depth on each of the 11 security faults detected in the Galaxy S6 Edge. Presently most of them are already fixed but three of the tricky ones still remain which include the script injection bug with two specific image parsing errors.

All this was part of an internal contest between two teams of Google’s Project Zero security teams. They had selected Galaxy S6 Edge since it is a decent example of a recently released high-profile Android smartphone.

No comments:

Post a comment

Note: only a member of this blog may post a comment.