Project Zero discovered 11 security issues on Samsung Galaxy S6 edge

Project Zero team, specialists on security issues from Google announced that they had discovered 11 security issues on the new phone Samsung Galaxy S6 edge. A special thing in here is that these bugs are not coming from the operating system Android, but the producer of Samsung itself!

According to the announcement, the report showed totally 11 security problems on the Samsung Galaxy S6 edge – the high-end device by Samsung with a huge number of users all around the world. The Google specialists also pointed out the consequences these bugs: users of this smartphone may lose control of their device, the personal and confidential information through email and the privilege of the applications.

According to the Project Zero team, although Samsung Galaxy S6 edge is equipped with several layers of security, they still found out so many severe security issues on it. They stated that the hackers will penetrate the last security layer of Samsung sooner or later. They pointed out the weakness of Samsung smartphones are driver and digital signal processing. These bugs appeared immediately after the test.

11 security issues are discovered  on the new phone Samsung Galaxy S6 edge

In total 11 security problems, there are 3 severe ones which are very easy for hackers to exploit and do harm to the user’s rights.

The first and also the most interesting problem discovered by Mark Brand was in a service provided by Samsung called WifiHs20UtilityService. Basically, this service is run under administrator with highest privilege, its functions are to check and unzip the compressed ZIP files. Unfortunately, the Application Programming Interface (API) used to read the file cannot identify the file path. By this error, hackers can create system file your smartphone to exploit your personal information.

Another security problem related to Samsung Email client was found by James Forshaw. This bug makes the email service of Samsung skip the security checkout steps and it creates the fake intents in Android. These intents forwarded the user’s email to another random account. Moreover, these forwarded emails contain the folder sent by users, which may contain the personal information and important documents.

The third security issue lies in SELinux. As you know, SELinus is a defense mechanism on the basic of default Android which makes it much more difficult for the hackers to attack the phone or do external harm. There are 3 bugs that help attackers to disable SELinux, put the user’s mobile phone at risk of losing data.

The representative of Samsung said that the nature of this checking is to repair all the bugs existing in a specific product. Before the announcement to the press, Google sent this report to Samsung 90 days earlier, however, the Korean producer cannot fix these bugs in that period of time. So, Google has to public the report to the Press. A member of Project Zero said that Samsung promised to fix all these bugs as soon as possible at all cost. However, users haven’t received any updated version to repair the security issues yet.

Post Comment