Galaxy S6 Edge Had 11 Nasty Bugs

Hi all,

Google’s Project Zero team in Europe and the United States found 11 vulnerabilities in the Samsung Galaxy S6 Edge. These hacking experiments focused on Samsung’s latest OEM product because of its popularity and the need to make it secure.

The team included James Forshaw, Natalie Silvanovich, Mark Brand and a few others.

Tamagotchi defiler Silvanovich showed that it is possible for attackers to forward Samsung emails to whatever address they please, own devices with media à la Stagefright, and pop phones with five memory corruption holes.

“Several issues were found in device drivers and image processing, and there were also some logic issues in the device that were high impact and easy-to-exploit.”

A directory traversal hole (CVE-2015-7888) was tagged by Silvanovich as the most interesting security issue, while Brand found that it allows files to be written as system.

“There is a process running as system on the device that scans for a zip file in /sdcard/Download/cred.zip and unzips the file. Unfortunately, the API used to unzip the file does not verify the file path, so it can be written in unexpected locations… On the version of the device we tested, this was trivially exploitable using the Dalvik cache using a technique that has been used to exploit other directory traversal bugs, though an SELinux policy that prevents this specific exploitation technique has been pushed to the device since,” Silvanovich said.

Keeping its promise to patch quickly, Samsung had an over-the-air update 90 days after the disclosures were made. Three less-severe issues are, however, zero-day affairs for now.

Teams battled to attack three main attack surfaces of the Samsung S6 Edge that are reasonably considered the components of an exploit chain that can escalate to kernel privileges from a “remote or local starting point”.

Afterwards, the team found two flaws in Samsung email, including a JavaScript hole, and the means for malware to hide effectively.

Following up on this issue, a Samsung spokeswoman said, “In our first security update, we were able to provide solutions to eight of the more critical issues that were brought to our attention by Google as part of their 90-day reporting policy…The remaining three issues will be included as part of our November security update which will be rolling out over the next couple of weeks. Samsung encourages users to keep their software and apps updated at all times.”

The unfixed bugs as of 4th November are as follows:

CVE-2015-7893: https://code.google.com/p/google-security-research/issues/detail?id=494&q=samsung

CVE-2015-7895: https://code.google.com/p/google-security-research/issues/detail?id=497

CVE-2015-7898: https://code.google.com/p/google-security-research/issues/detail?id=500&q=samsung


Source: Akati
