The Samsung Galaxy S6 Edge is an amazing phone but it has demerits. Google revealed 11 security flaws in the handset. Hackers have the capability of hacking and taking control of the phone. Samsung took action after the flaws were discovered. However, some vulnerabilities are yet to be addressed. An expert said that the bugs significantly weakened the security of Google’s operating system.
“There is definitely a tension between Google and the handset manufacturers because Google wants to protect its Android brand, and when it comes to security, Android has been quite tarnished,” added Dr Steven Murdoch, a security researcher at University College London.
“Some of that is down to the extra software that handset manufacturers add.” A statement from Samsung said the three remaining bugs would be fixed via a security update later this month. “Maintaining the trust of our customers is a top priority”, Samsung said.
The phone’s vulnerability
Google has an active team dubbed Google Project Zero. The team’s job is to hunt previously unknown computer security flaws and they were able to establish details of Samsung Galaxy S6 Edge security flaws.
“Over the course of a week, we found a total of 11 issues with a serious security impact,” the team wrote.
“The majority of these issues were fixed on the device we tested via an OTA (over the air) update within 90 days.
“It is promising that the highest severity issues were fixed and updated on-device in a reasonable time frame.”
BBC reports the team established a vulnerability in the Samsung’s email software that could have allowed hackers to forward a victim’s messages to their own account. Another allowed attackers to alter the settings of Samsung’s photo-viewing app by sending the handset a specially encoded image. However, the issue that surprised Google experts was the existence of a directory traversal bug in a wi-fi utility built in to the phone.
“If someone provided malicious data to the software, they could then change other files on the system and interfere with other functions, in particular security functions,” said Dr Murdoch. “A hacker, would also need to convince their target to install a malicious app, which might appear to have very limited access to the phone’s other functions.”
“This would only happen as part of a chain of events, but eventually it could allow someone to take over the entire phone,” Dr Murdoch added. “Android tries to have layers of protection, so even if you break past one level of protection there’s another one. This removed some quite important layers of that protection.”
Last month, Samsung assured it’s customers that they have fixed the Samsung Galaxy S6 Edge security flaws. “Samsung encourages users to keep their software and apps updated at all times,” added a spokesman.