Through its own software extensions for Android Samsung has apparently accidentally some vulnerabilities in the Galaxy S6 Edge installed. Found this by security experts from Google. Much of the leak but has been closed.
The security of Android is a constant topic of discussion. While the operating system itself is quite safe and occurring gaps of Google be closed quickly, the update policy, the manufacturer always causes problems. In order to detect security breaches in the various versions of Android in time, Google operates a dedicated team called Project Zero. This team now has the Samsung Galaxy S6 Edge looked closer and doing some vulnerabilities in the software found that the manufacturer has installed himself accidentally.
Severe vulnerabilities in images and ZIP files
Within two weeks, the team of Project Zero was eleven security holes when Galaxy S6 Edge, some of which were classified as serious. This could allow attackers to install malicious software on the devices. As an example, the specialists called the handling of smartphones with image files. So it was possible to enrich image files with additional code, so as to start attacks on the device. In some cases it is sufficient to download the relevant images on the cell phone.
Another problem is caused by the fact that the Samsung software automatically scans on the phone stored Zip files and unzip them. The software does not appear to check whether in the ZIP files are malicious programs. This also makes the smartphone could be hacked from the outside.
There is no reason for panic
However, do not panic owner of a Samsung Galaxy S6 Edge after these revelations. The vulnerabilities had in fact reported in time to Samsung Google. Already with its software update in October has therefore closed eight manufacturers of critical leaks. The remaining three leaks should be fixed in November. Samsung's strategy is likely to pay off at this point, now monthly security patches to be published for its smartphones. In addition, so far, no cases are known in which a Galaxy S6 Edge was actually hacked on one of the vulnerabilities.
The security of Android is a constant topic of discussion. While the operating system itself is quite safe and occurring gaps of Google be closed quickly, the update policy, the manufacturer always causes problems. In order to detect security breaches in the various versions of Android in time, Google operates a dedicated team called Project Zero. This team now has the Samsung Galaxy S6 Edge looked closer and doing some vulnerabilities in the software found that the manufacturer has installed himself accidentally.
Severe vulnerabilities in images and ZIP files
Within two weeks, the team of Project Zero was eleven security holes when Galaxy S6 Edge, some of which were classified as serious. This could allow attackers to install malicious software on the devices. As an example, the specialists called the handling of smartphones with image files. So it was possible to enrich image files with additional code, so as to start attacks on the device. In some cases it is sufficient to download the relevant images on the cell phone.
Another problem is caused by the fact that the Samsung software automatically scans on the phone stored Zip files and unzip them. The software does not appear to check whether in the ZIP files are malicious programs. This also makes the smartphone could be hacked from the outside.
There is no reason for panic
However, do not panic owner of a Samsung Galaxy S6 Edge after these revelations. The vulnerabilities had in fact reported in time to Samsung Google. Already with its software update in October has therefore closed eight manufacturers of critical leaks. The remaining three leaks should be fixed in November. Samsung's strategy is likely to pay off at this point, now monthly security patches to be published for its smartphones. In addition, so far, no cases are known in which a Galaxy S6 Edge was actually hacked on one of the vulnerabilities.
Comments
Post a Comment