The startup Zerodium took a month and a half to dig up zero-day vulnerabilities on the iPhone through a one-million-dollar competition. On the Samsung Galaxy S6 Edge, things are obviously much simpler. In July, the hackers of Google Project Zero needed a week to get their hands on 11 critical flaws, which make it possible to hack the device remotely or through a fake app and to access personal data such as photos, contacts, messages, or geolocation.
To achieve this feat, Google set up two teams of five people and had them play against each other, just to stimulate the spirit of competition. In line with Google Project Zero's protocol, the flaws were immediately reported to Samsung, which had 90 days to correct them. It should be noted that all these flaws concern Samsung's software overlay, not the Android system itself. A patch for eight of the vulnerabilities was published in October. The three remaining flaws should be fixed by the end of November. Technical details of the flaws are available on the Google Project Zero website.
According to Google, the most vulnerable areas seem to be the drivers and media management. "Very quickly we found problems in these areas by code analysis and fuzzing*. We were also surprised to find three logic bugs whose exploitation was trivial," notes one of the security researchers in a blog post. The quality of software development is clearly not a priority at Samsung. But that is certainly also the case for other manufacturers.
* Fuzzing is a technique for testing a program for vulnerabilities by injecting random data.
Source: blog post