A group of expert researchers from Google’s Project Zero has found “11 high-impact security issues” on the Samsung Galaxy S6 Edge.
Some of the bugs they discovered appear to be serious, including an exploit found in the Samsung email client that could lead to a user’s emails being forwarded to another account. The Project Zero team was divided into North American and European teams, which focused on finding ways to gain access to the phone’s contacts, photos and messages, either remotely or through an app installed from Google Play that has no permissions to do so. Another vulnerability allowed attackers to alter the settings of Samsung’s photo-viewing app by sending the handset a specially encoded image.
“Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device which slowed us down. The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review. It was also surprising that we found the three logic issues that are trivial to exploit. These types of issues are especially concerning, as the time to find, exploit and use the issue is very short,” said Project Zero in a blog post.
The team reported its findings to Samsung, which had already patched 8 out of 11 of the flaws. The three unpatched issues, which are not as severe as the rest, are due to be fixed in November.