Samsung’s Galaxy S7 will reportedly take yet another page out of Apple’s playbook

11 Galaxy S6 Edge Android Security Issues

Image Source: Zach Epstein, BGR
Here’s another reason why Android has constant issues with security: OEMs add their own code to devices, and that code might have big holes of its own. With more than 1.4 billion Android devices in use, a security team can probably find ways to exploit any custom code OEMs add to Google’s final Android releases. In fact, Google’s own Project Zero team took the Galaxy S6 Edge’s custom software for a spin and found several significant flaws in its code.

As explained in a lengthy post on its Project Zero blog, the security team ran an internal contest for a week, with two teams of researchers tasked to find bugs in Samsung’s code that could be used by attackers for malicious purposes.
“Each team worked on three challenges, which we feel are representative of the security boundaries of Android that are typically attacked,” Google wrote. “They could also be considered components of an exploit chain that escalates to kernel privileges from a remote or local starting point.” These are the three challenges, as shared by the security team.

  1. Gain remote access to contacts, photos and messages. More points were given for attacks that don’t require user interaction and required fewer device identifiers.
  2. Gain access to contacts, photos, geolocation, etc. from an application installed from Play with no permissions.
  3. Persist code execution across a device wipe, using the access gained in parts 1 or 2
In a week, Google discovered 11 security issues that could potentially affect the Samsung device.
“Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device that slowed us down,” Google concluded. “The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review. It was also surprising that we found the three logic issues that are trivial to exploit. These types of issues are especially concerning, as the time to find, exploit and use the issue is very short.”
Some issues are more severe than others, such as letting hackers write files as system files, forwarding emails to other accounts or executing JavaScript code inside the email client. Samsung was notified about these issues and said that eight of the 11 bugs had already been squashed and pushed to users in the October Maintenance Release. The remaining issues will be fixed in the November security update.
More specific details about each of the 11 security issues Project Zero discovered in Galaxy S6 edge’s code are available at the source link.
