Google security researchers conducted an experiment to find vulnerabilites in the code added by manufacturers to Android. So they hunted for bugs in Samsung’s Galaxy S6 Edge phone. The results were quite disappointing as researchers found several vulnerabilities.
Google found 11 potential vulnerabilities
Google researchers found 11 vulnerabilities in Samsung’s code. Moreover, they could be used to hack the user’s emails, generate files with system privileges, upgrade the privilege of unprivileged applications and execute code in the kernel. The experiment lasted for a week and its goal was to see if the security mechanisms built into Android were capable of preventing the vulnerabilities in manufacturer-specific code.
In a blog post, the researchers noted that they found a substantial and severe issues, but the device did have some effective security measures which slowed them down. “The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review.” Three high-impact logic flaws were also noticed, and it was quite easy to find and exploit them.
Google researchers noted that it was quite difficult to attack the device due to the presence of a default defense mechanism in Android. But in some cases the exploits were able to disable SELinux.
Samsung was quick to fix the issues
One of the vulnerability was related to a path traversal in a Samsung service called WifiHs20UtilityService. The service runs with system privileges, and scans for the ZIP archive file and unpacks it in a specific location on the storage partition. It was possible for an attacker to take advantage of the flaw, and cause system files to be written in unintended locations.
Samsung’s email client had a vulnerability as well because of which it did not check the authentication when handling intents. Intents allow the apps to pass instructions to one another inside the Android OS. Since the Samsung email client did not authenticate intents, it was possible for an unprivileged app to instruct it to forward all the emails of a user to different address.
All the issues that Google researchers found were reported to Samsung. The Korean firm fixed all the issues, except for a few, within Google’s typical 90-day disclosure deadline. “It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame,” the Google researchers said.