Google Hackers Expose 11 Major Security Flaws In Samsung Galaxy S6 Edge
In a blog post describing the bug hunt, Project Zero (correctly) notes that the majority of Android devices are not made by Google, but by third parties known as Original Equipment Manufacturers, or OEMs. Having researched vulnerabilities on Google-made Nexus devices running the Android Open Source Project (AOSP), Project Zero decided to turn its attention to Samsung, one of the biggest OEMs in the world.
"In particular, we wanted to see how difficult finding bugs would be, what type of bugs we would find and whether mitigations in AOSP would make finding or exploiting bugs more difficult [on an OEM device]. We also wanted to see how quickly bugs would be resolved when we reported them. We chose the Samsung Galaxy S6 Edge, as it is a recent high-end device with a large number of users," Project Zero said.
The researchers gave themselves a week to root out vulnerabilities, and to keep everyone sharp, they made a contest out of it, pitting the North American and European participants against each other.
Their efforts resulted in the discovery of 11 vulnerabilities, the "most interesting" of which was CVE-2015-7888. It's a directory traversal bug that allows a file to be written as system. Project Zero said it was trivially exploitable, though it's also one of several that Samsung has since fixed.
After Project Zero reported the issues, Samsung rolled out fixes for eight of the 11 vulnerabilities, which Project Zero confirmed by re-testing an updated Galaxy S6 Edge. As for the remaining three, they'll be fixed sometime this month.