Google researchers poke holes in Galaxy S6 Edge, show OEMs add risky code
Google’s security researchers hunted for bugs in Samsung’s Galaxy S6 Edge phone as part of an experiment to see how vulnerable the code that manufacturers add to Android can be. It’s pretty bad.
The researchers found 11 vulnerabilities in Samsung’s code that could be exploited to create files with system privileges, steal the user’s emails, execute code in the kernel and escalate the privilege of unprivileged applications.
“Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device which slowed us down,” the security researchers said in a blog post. “The weak areas seemed to be device drivers and media processing. We found issues very quickly in these areas through fuzzing and code review.”