Samsung Galaxy S6 Edge security flaws: Google's Project Zero discovers 11 high-impact issues in device


Owners of Samsung Galaxy S6 Edge devices should be aware that some security flaws have been spotted by Google’s Project Zero.

Natalie Silvanovich of Project Zero wrote on the team’s official blog that they found and reported 11 “high-impact security issues” on the Samsung Galaxy S6 Edge. The problems relate to the Android security boundaries that are often attacked. These include gaining remote access to messages, photos, and contacts; applications installed from Google Play accessing information without permission; and the ability to “persist code execution across a device wipe.”

The first issue found was a directory traversal bug that permitted files to be written as system on the device. Another flaw was in the Samsung Email application: the bug could be exploited to forward a user’s emails to another account. In image parsing, the Project Zero team spotted about five issues that could be triggered by downloading an image and could corrupt the phone’s memory.

“Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device which slowed us down… We found issues very quickly in these areas through fuzzing and code review… These types of issues are especially concerning, as the time to find, exploit and use the issue is very short,” Silvanovich added.

Project Zero immediately reported the issues discovered to Samsung, and the tech giant issued a fix. As of the October Maintenance Release, eight out of 11 flaws have been resolved, and the others will be fixed this month.

As reported by BBC, Samsung said in a statement that maintaining the trust of their customers remains their top priority.

Google’s Project Zero set out to learn how difficult it would be to find bugs on Original Equipment Manufacturer (OEM) devices that run the Android Open-Source Project (AOSP). The motivation is the possibility that OEMs could “introduce additional and possibly vulnerable code” across all Android devices.