Project Zero, Google’s team of security analysts tasked with seeking out software vulnerabilities, have reported they have discovered 11 ‘high-impact’ security issues with the Samsung Galaxy S6 Edge Android device.
Many of the security issues involved Samsung’s preinstalled default email and gallery applications. Two exploits, that would cause the device to crash, were triggered when an image was opened in Samsung Gallery. Another three bugs saw device memory corruption upon simply downloading an image. One bug, involving the default email client, allowed an unprivileged application to make requests that a user’s emails be forwarded to another account. This bug was described as “noisy” as it would be fairly obvious that it was happening, but nevertheless could leave confidential information at risk.
The other bugs affected the directories and drivers of the mobile phone, allowing privileges for applications to be changed, memory to corrupted, or files to be written to different locations within the device.
Project Zero briefly praised Samsung’s security measures, which they say were “effective” in slowing down their hacking process, however state the measures had significant weak points when it came to protecting drivers and media processing, and that bugs concerning these areas were very easy to find, exploit and use for malicious purposes.
The majority of issues Project Zero found were patched within a 90 day period and no longer affect the device in question. However, three of the less severe issues are said to still be unfixed, though Samsung have promised to patch these issues at some point this month.
Phone hacking can be a real worry – it’s no longer just celebrities who are at risk of being targeted. If your mobile carries important business information – whether it be emails, voice messages, texts or documents – it is important that you keep yourself protected. For some simple tips to help you protect your phone, check out our short video.