Code in the Galaxy S6 Edge isn’t as secure as you think, Google researchers reveal

Google security researchers decided to dig into the Samsung Galaxy S6 Edge to see what they could find as far as vulnerable code goes. Suffice to say, what these Googlers found wasn’t good news.

In their digging, 11 vulnerabilities were found that have the potential to be used for creating files within the system privileges for stealing personal data, such as the user’s email. Potentially even more dangerous is that these vulnerabilities could be used to advance an application’s permissions to obtain even more data.

Google sent their findings to Samsung, and got a quick response saying that eight of the major issues had been fixed in an October Maintenance Release. The other three will be fixed in a November Maintenance Release, though it wasn’t mentioned how long these updates will take to get to carrier-branded units.

“It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame,” Google researchers said.

The goal of this experiment was to see that if the security measures that were put in place across the Android platform could prevent the exploitation of these vulnerabilities in a manufacturer’s code. The results were a hit-or-miss, in some cases. For instance, SELinux, a defense mechanism put in the Android code by default, made it difficult to exploit these vulnerabilities, but some bugs in the code allowed SELinux to be disabled, giving Crackers a wide open field to play in.

For those of you interested, you can find all of the hard details on these vulnerabilities and more at the source link below.

source: Google
via: Computer World

Come comment on this article: Code in the Galaxy S6 Edge isn’t as secure as you think, Google researchers reveal