Earlier this week a team exploited iOS 9 vulnerabilities, remotely hacked Apple devices and earned $1 million. Now the time has come for an Android device.
Google recently conducted research on the Samsung Galaxy S6 Edge and reported 11 security flaws that might allow hackers to take over the device. One of them even lets an attacker write any file to the victim’s system without permission.
Most Android devices are manufactured by companies other than Google. Original Equipment Manufacturers (OEMs) use the Android Open-Source Project (AOSP) as the foundation for their handheld gadgets, so they represent a sensitive area for Android cyber security.
Google on Samsung Galaxy S6 Edge
Google’s Project Zero decided to dig deeper into Samsung Galaxy S6 Edge security. The team was divided into two groups, North America and Europe, and each group had 3 objectives:
- Gain remote access to contacts, photos, and messages. More points were given for attacks that didn’t require user interaction and required fewer device identifiers.
- Gain access to contacts, photos, geolocation, etc. from an application installed from Play with no permissions
- Persist code execution across a device wipe, using the access gained in parts 1 or 2
As a result, 11 main security flaws have been discovered. Below you can see the most important discoveries according to Project Zero.
The directory traversal bug, discovered by Mark Brand, allows a hacker to write a file as system. The Samsung Galaxy S6 Edge runs a process that scans for a file at /sdcard/Download/cred.zip and unzips it. Because the API cannot verify the real file path, an extracted file may be written to other locations. The bug can be exploited using this method.
As you might have already guessed from the title, it is an Email Client bug. Samsung Email Client lacks authentication in the client's intent handler. A malicious application can send a chain of intents in order to forward a legitimate user’s emails to any other account. This flaw was discovered by James Forshaw.
For information about other bugs please head to CVEs: