Google’s Project Zero security team recently examined Samsung’s Galaxy S6 Edge and found 11 “high-impact” security vulnerabilities, several of which could be used to steal user data or potentially take control of the device. Fortunately, the bugs described as having the highest potential for exploitation have already been patched by Samsung.
While Google is primarily responsible for maintaining the Android Open-Source Project tree, or AOSP, device manufacturers also introduce their own code in order to differentiate their devices from the competition. Often this includes additional apps and features built on top of Android.
Google is understandably interested in how easily exploitable this additional manufacturer code is, and cites the popularity of the Galaxy S6 Edge as its motivation for choosing that particular device. Other recent Samsung devices are likely to be similarly vulnerable.
Over the course of a week, several security teams at Google competed with one another to find exploitable vulnerabilities, focusing primarily on those that could lead to the compromise of user data.
Several novel security issues were uncovered, including a directory-traversal bug that could allow files to be written to the device with system permissions. The cause is that the device does not properly verify the destination file path.
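The kind of destination-path check whose absence causes this class of bug, as an added example that is not code from Samsung, Google or the original article. The class name, method name and sample file names are hypothetical and constructed for illustration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafeDestination {
    // Resolve an untrusted file name against baseDir and reject anything that lands outside it.
    static Path resolveInside(Path baseDir, String untrustedName) throws IOException {
        Path base = baseDir.toRealPath();                         // canonical base, symlinks resolved
        Path candidate = base.resolve(untrustedName).normalize(); // collapses "." and ".." segments
        // Path.startsWith compares whole components, so "/base_evil" does not match "/base".
        // An absolute untrustedName replaces the base entirely and fails this check too.
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new SecurityException("destination escapes base directory: " + untrustedName);
        }
        // Walk up to the nearest existing ancestor and re-check its real path,
        // so a symlinked subdirectory inside the base cannot redirect the write.
        Path existing = candidate.getParent();
        while (!Files.exists(existing)) {
            existing = existing.getParent();
        }
        if (!existing.toRealPath().startsWith(base)) {
            throw new SecurityException("destination passes through a link: " + untrustedName);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        Path base = Files.createTempDirectory("extract");         // constructed sample base directory
        String[] names = {                                         // constructed sample inputs
            "docs/readme.txt",                                     // stays inside: accepted
            "../outside.txt",                                      // plain traversal
            "docs/../../outside.txt",                              // traversal hidden behind a subdirectory
            "/etc/hosts",                                          // absolute path
            "../" + base.getFileName() + "_evil/x"                 // sibling sharing the base's name prefix
        };
        for (String name : names) {
            try {
                System.out.println("OK      " + resolveInside(base, name));
            } catch (SecurityException e) {
                System.out.println("REJECT  " + name);
            }
        }
    }
}
```

Code that writes with elevated permissions should run this check on every path derived from external input and write only to the returned path, never to the original string.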
Google researchers also uncovered several driver errors that could be used to escalate to kernel-level privileges, allowing an attacker to take complete control of the device.
The most critical issues have already been addressed in a recent device update. Google credits Samsung for moving quickly to fix the vulnerabilities within 90 days of disclosure, though three bugs of lesser severity currently remain unpatched.