Project Zero, a program focused on safety initiated by Google, has looked at the edge Galaxy S6 to check whether it was safe or not. The answer is no …
For some time, Google is very interested in security and tries to make amends good conduct. This summer, the Mountain View giant has for example announced that its mobile operating system is now updated monthly to correct all possibly discovered security vulnerabilities. Unfortunately, Android is largely represented by third party manufacturers, modifying the original code, and possibly open new access to malicious spirits.
In order to realize the gravity of the situation, Google leaned on the edge Galaxy S6, a recent and particularly popular smartphone, thus more susceptible to attacks. Several teams are united to sift through the Korean phone focusing on three areas in particular:
- Have access to contacts, photos and messages remotely (most points were awarded for faults requiring no interaction from the victim)
- Have access to contacts, photos, geolocation, etc. without permission from an application available on the Google Play Store
- Make persistent execution code obtained through the Access 1 and 2
11 vulnerabilities discovered <. /> h2>
Overall, in just a week, teams of Project Zero discovered eleven security vulnerabilities of varying severity on the Samsung Galaxy S6 edge. One of them allowed for example to decompress a ZIP archive anywhere, including in sensitive areas specific to the system. Others took advantage of the lack of security in the mail client to run JavaScript code, or forward all messages to the victim.
These safety problems have been discovered on the Galaxy S6 edge as they are not part of the code AOSP (Android Open Source Project) base, which emphasizes the lack of security that can bring many additional software features added by OEMs. A sore that will unfortunately always present on Android.
A reactive builder
Google warned Samsung has obviously foremost security problems present in its flagship. Highly reactive, the manufacturer has already corrected 8 of the 11 reported vulnerabilities, leaving only the less important this time. The last three will nevertheless set from the deployment of the next security patch, scheduled for November.
It would be interesting however to achieve the same operation with the different brands offering Android smartphones to see if any would prove Samsung also reactive than …
No comments:
Post a Comment