Google finds serious flaws in Android code Samsung added to Galaxy S6 Edge

Google is facing even greater challenges to secure Android than Microsoft faced in its battles to contain viruses and security exploits for Windows XP in the early 2000s, because Google has less control over the products that ship with Android branding.

As Google's Project Zero team itself noted, Android's licensees "are an important area for Android security research, as they introduce additional (and possibly vulnerable) code into Android devices at all privilege levels, and they decide the frequency of the security updates that they provide for their devices to carriers."

Within the course of a week, teams at Google challenged the "security boundaries of Android that are typically attacked," with an aim to see if they could gain remote access to users' contacts, photos and messages, ideally without any user interaction; exploit the Android phone via an app installed from Google Play that did not require the granting of any permissions by the user; and install an attack on the device that could survive a factory wipe, maintaining a security infection.

The teams discovered a Samsung process that runs with system privileges, which unpacks ZIP file downloads from a given URL. "Unfortunately," Google noted, "the API used to unzip the file does not verify the file path, so it can be written in unexpected locations." [...] "this was trivially exploitable using the Dalvik cache using a technique that has been used to exploit other directory traversal bugs."
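The path check whose absence is described above can be sketched as follows. This is an added example, not Samsung's or Google's code; the page does not name the unzip API involved, so the `SafeUnzip` class, its `extract` method and the sample archive are hypothetical and use only the standard `java.util.zip` and `java.nio.file` libraries.

```java
import java.io.*;
import java.nio.charset.StandardCharsets;
import java.nio.file.*;
import java.util.*;
import java.util.zip.*;

// Hypothetical class name; illustrates validating ZIP entry paths before writing.
public class SafeUnzip {
    // Extracts the archive into destDir and returns the entry names it refused.
    // Assumes destDir is a fresh directory with no attacker-controlled symlinks.
    static List<String> extract(InputStream in, Path destDir) throws IOException {
        Path root = destDir.toAbsolutePath().normalize();
        List<String> rejected = new ArrayList<>();
        try (ZipInputStream zis = new ZipInputStream(in)) {
            ZipEntry entry;
            while ((entry = zis.getNextEntry()) != null) {
                // Resolve the entry name against the root and collapse "." / "..".
                Path target = root.resolve(entry.getName()).normalize();
                // Reject anything that resolves to the root itself or outside it
                // (covers "../" sequences and absolute entry names).
                if (target.equals(root) || !target.startsWith(root)) {
                    rejected.add(entry.getName());
                    continue;
                }
                if (entry.isDirectory()) {
                    Files.createDirectories(target);
                } else {
                    Files.createDirectories(target.getParent());
                    Files.copy(zis, target, StandardCopyOption.REPLACE_EXISTING);
                }
            }
        }
        return rejected;
    }

    public static void main(String[] args) throws IOException {
        // Constructed sample archive: one ordinary entry, two traversal names.
        String[] names = {"docs/readme.txt", "../escaped.txt", "docs/../../escaped2.txt"};
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ZipOutputStream zos = new ZipOutputStream(buf)) {
            for (String name : names) {
                zos.putNextEntry(new ZipEntry(name));
                zos.write("sample".getBytes(StandardCharsets.UTF_8));
                zos.closeEntry();
            }
        }
        Path dest = Files.createTempDirectory("unzip-demo");
        List<String> rejected = extract(new ByteArrayInputStream(buf.toByteArray()), dest);
        System.out.println("rejected: " + rejected);
        System.out.println("readme extracted: " + Files.exists(dest.resolve("docs/readme.txt")));
    }
}
```

The comparison is made on the normalized path rather than on the raw entry name, so a name that only becomes a traversal after `..` segments are collapsed is still refused.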

Another bug, in Samsung's email code, failed to authenticate when handling Android intents, an OS-level feature that lets apps pass commands between themselves. Without authenticating, Samsung's email software allowed an unprivileged app to hijack emails and forward them to another account.

Google noted that the mistake opened up "easy access to data that not even a privileged app should be able to access," further highlighting how little control Google has over Android in the hands of its licensees.

Google also found that buffer overflow flaws in three Samsung drivers "could be used by bugs in media processing, such as libStageFright bugs, to escalate to kernel privileges."

Five exploitable flaws were also found in Samsung's image processing code, two of which could allow privilege escalation when a rogue image file is opened in Samsung's Gallery app, while the other three could be triggered simply by downloading an image.


Google expressed surprise at how quickly it could find these exploits, adding that "it was also surprising that we found the three logic issues that are trivial to exploit. These types of issues are especially concerning, as the time to find, exploit and use the issue is very short."

Google noted that Samsung's use of SELinux "made it more difficult to investigate certain bugs, and to determine the device attack surface," but that it also "found three bugs that would allow an exploit to disable SELinux, so it's not an effective mitigation against every bug."

Samsung and Google have worked to patch the most serious bugs found, but the findings of just one week of bug hunting highlight the difficulty in securing even the most expensive models of Android phones on sale from its largest licensee, one that has a committed interest in wooing government and enterprise buyers with its self-signed seal of approval brand of "SAFE" or "Samsung for Enterprise."

Android's security problems have compounded since 2011, when researchers from North Carolina State University demonstrated that Android's permission-based security system could be easily circumvented due to flaws in the software that licensees (including HTC, Samsung, Motorola and even Google's Nexus-branded phones) were adding to their devices.

After reporting issues to Android vendors, the group noted that "we experienced major difficulties with HTC and Samsung," adding that they "have been really slow in responding to, if not ignoring, our reports/inquiries."

Flaws in Google's own Android code are also a serious issue, complicated by the fact that few users are able to update their devices to a recent version of Android. Currently, three-quarters of Android devices on Google Play are running a version older than last year's Android 5.0 Lollipop.


In the summer of 2014, Google's chief executive Sundar Pichai introduced Android 5 with contributions from Samsung's Knox security software (that makes up the foundation of its SAFE initiative) ostensibly working to secure the platform.

A year later, Google has launched another new version of Android before seeing even a quarter of its installed base adopt last year's Android 5, making it somewhat ironic that the newest Android software has already been undermined by flaws in code added by Samsung itself.

Source: AppleInsider

Tags: Android, Galaxy S6, Google, security

Alex#10 0
All things considered, this is a first class post
Kaori#20 0
20.10.2012 11:21 Guys, please also give us a direct link to YouTube: it is impossible to watch the video properly from a smartphone, it does not resize to the screen size on your site and is simply cropped by a third. The same goes for the pictures on the main page and in the articles. Galaxy nexus, jb 4.1.2, chrome.
