Google’s Project Zero team has revealed it has found a number of serious security flaws in Samsung’s Galaxy S6 edge smartphone. Project Zero is the division of Google that spends most of its time attempting to find – and subsequently fix – zero-day vulnerabilities across all major operating systems.
Of the flaws found, the most worrying is a bug that allows a malicious application to forward emails from a user’s account to another account. A blog post by the Project Zero team said that although the bug did leave traces of the sent mails in the user’s email, “…it is still easy access to data that not even a privileged app should be able to access.”
During its testing, Project Zero discovered the weakest areas attackers could target are within device drivers and image processing. A total of five bugs that corrupt the phone’s memory were discovered, all five of which happen during image processing. Two of these bugs require an image to be opened while the remaining three can occur when the smartphone downloads an image.
The trouble with Android
Eight of the 11 bugs found by the team have already been patched by Samsung with over-the-air updates; the last three remain unfixed.
This find represents a significant problem with Android smartphones and tablets. While Google owns Android, manufacturers often create their own version of the operating system with specific features and functionality tailored for its products. The inclusion of these features can often create bugs or security flaws in the already-buggy Android software, and require reviewing and patching.
Samsung did manage to patch the high-risk bugs before the 90 day time limit that Project Zero gives companies before releasing the information to the public, expired.
Should you feel a bit worried, we’d recommend installing an anti-virus on your smartphone and tablet, just so that malicious attackers have a harder time getting to your personal information.
[Source – Project Zero Blog] [Image by CC 2.0 – lyudagreen]