Google Researchers Found Vulnerabilities In Galaxy S6 Edge Code


Google security researchers conducted an experiment to find vulnerabilities in the code that manufacturers add to Android, and chose Samsung’s Galaxy S6 Edge phone as the target. The results were quite disappointing, as the researchers found several vulnerabilities.

Google found 11 potential vulnerabilities

Google researchers found 11 vulnerabilities in Samsung’s code. They could be used to hack the user’s emails, generate files with system privileges, escalate the privileges of unprivileged applications and execute code in the kernel. The experiment lasted for a week, and its goal was to see whether the security mechanisms built into Android were capable of preventing the exploitation of vulnerabilities in manufacturer-specific code.

In a blog post, the researchers noted that they found substantial and severe issues, but the device did have some effective security measures which slowed them down. “The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review.” Three high-impact logic flaws were also noticed, and it was quite easy to find and exploit them.

Google researchers noted that it was quite difficult to attack the device due to the presence of a default defense mechanism in Android. But in some cases the exploits were able to disable SELinux.

Samsung was quick to fix the issues

One of the vulnerabilities was a path traversal in a Samsung service called WifiHs20UtilityService. The service runs with system privileges, scans for a ZIP archive file and unpacks it in a specific location on the storage partition. An attacker could take advantage of the flaw to cause system files to be written in unintended locations.
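One way to write the check that a privileged unpacking routine needs, added here as an example and not taken from Samsung's or Google's code. It assumes the traversal arrives through entry names inside the archive, which the article does not state; `safe_extract`, `UnsafeEntry` and `build_zip` are hypothetical names, and the sample archives are constructed.

```python
import io
import os
import zipfile


class UnsafeEntry(Exception):
    """An archive entry would be written outside the target directory."""


def safe_extract(archive_bytes, dest_dir):
    """Unpack a ZIP into dest_dir, refusing entries that resolve outside it."""
    root = os.path.realpath(dest_dir)
    written = []
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        # Validate every entry before writing anything, so a rejected
        # archive leaves no partial output behind.
        targets = []
        for info in zf.infolist():
            # realpath collapses ".." and follows symlinks already in dest_dir;
            # an absolute entry name makes join() discard root entirely.
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise UnsafeEntry(info.filename)
            targets.append((info, target))
        for info, target in targets:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
            written.append(os.path.relpath(target, root))
    return written


def build_zip(entries):
    """Build an in-memory ZIP from constructed sample entries (name -> bytes)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()
```

The comparison is made on resolved paths rather than on the raw entry name, so `..` segments, absolute names and symlinked subdirectories are all caught by the same test.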

Samsung’s email client was vulnerable as well: it did not check authentication when handling intents. Intents allow apps to pass instructions to one another inside the Android OS. Since the Samsung email client did not authenticate intents, it was possible for an unprivileged app to instruct it to forward all the emails of a user to a different address.

All the issues that Google researchers found were reported to Samsung. The Korean firm fixed all the issues, except for a few, within Google’s typical 90-day disclosure deadline. “It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame,” the Google researchers said.




About the Author

Aman Jain
Aman is MBA (Finance) with an experience on both Marketing and Finance side. He has worked as a Risk Analyst for AIR Worldwide, and is currently leading VeRa FinServ, a Financial Research firm. Favorite pastimes include watching science fiction movies, reviewing tech gadgets, playing PC games and cricket. - Email him at amanjain@valuewalk.com
