Samsung S6 Edge has 11 nasties, says Google Project Zero team
Security probe-wielders from Google’s Project Zero team in Europe and the United States have flayed the Samsung Galaxy S6 Edge, finding 11 nasty vulnerabilities in the flagship handset.
The informal hack-off focused on Samsung’s latest OEM offering rather than the pure Android Nexus because of the handset’s popularity, and therefore the importance of making sure it is secure.
The teams consisted of James Forshaw, Natalie Silvanovich, Mark Brand, and others.
Tamagotchi defiler Silvanovich organised the affair, which produced means for attackers to forward Samsung emails to whatever address they please, own devices with media à la Stagefright, and pop phones with five memory corruption holes.
“A week of investigation showed that there are a number of weak points in the Samsung Galaxy S6 Edge,” Silvanovich says.
“Over the course of a week, we found a total of 11 issues with a serious security impact.
“Several issues were found in device drivers and image processing, and there were also some logic issues in the device that were high impact and easy-to-exploit.”
Silvanovich tagged as most interesting a directory traversal hole (CVE-2015-7888) Brand found that allows files to be written as system.
“There is a process running as system on the device that scans for a zip file in /sdcard/Download/cred.zip and unzips the file. Unfortunately, the API used to unzip the file does not verify the file path, so it can be written in unexpected locations,” Silvanovich says.
“On the version of the device we tested, this was trivially exploitable using the Dalvik cache using a technique that has been used to exploit other directory traversal bugs, though an SELinux policy that prevents this specific exploitation technique has been pushed to the device since.”
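The pattern Silvanovich describes is a classic archive path traversal: the unzip routine joins each entry’s stored name onto the destination directory without checking where the result lands, so an entry named with “..” components climbs out of the intended folder, and because the extracting process runs as system, the attacker’s file is written with system privileges. The following is an added Python example written for this article, not Samsung’s code or Project Zero’s proof of concept, and the archive it builds is constructed inline. It shows the flawed extraction pattern beside a hardened one that resolves every entry’s final path and refuses the archive if any entry would escape the destination. The function and file names are illustrative.

```python
import io
import os
import tempfile
import zipfile


def build_traversal_zip() -> bytes:
    """Build, in memory, a constructed sample archive: one harmless entry and
    one whose stored name climbs out of the extraction directory with '..'.
    Illustrative data only; this is not the cred.zip from the report."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "benign content\n")
        # zipfile stores the entry name exactly as given, so the '..' survives.
        zf.writestr("../escaped.txt", "written outside the target directory\n")
    return buf.getvalue()


def unzip_unsafe(data: bytes, dest: str) -> None:
    """Flawed pattern: join the entry name onto dest and write, with no check
    on where the resulting path actually lands."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest, info.filename)  # '..' is honoured here
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))


def unzip_safe(data: bytes, dest: str) -> None:
    """Hardened pattern: resolve each entry's final path and require it to stay
    under the real dest. All entries are validated before any is written, so a
    bad entry late in the archive cannot leave a half-extracted result."""
    root = os.path.realpath(dest)
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        planned = []
        for info in zf.infolist():
            # join() drops root for absolute names; realpath collapses '..' and links.
            target = os.path.realpath(os.path.join(root, info.filename))
            if os.path.commonpath([root, target]) != root:
                raise ValueError(f"zip entry escapes destination: {info.filename!r}")
            planned.append((info, target))
        for info, target in planned:
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with open(target, "wb") as fh:
                fh.write(zf.read(info))


def run_in_scratch(extractor, data: bytes) -> dict:
    """Run one extractor in a fresh scratch directory and report whether it
    refused the archive, what landed inside dest, and what landed in the
    scratch directory outside dest (the traversal's footprint)."""
    with tempfile.TemporaryDirectory() as scratch:
        dest = os.path.join(scratch, "unpacked")
        os.makedirs(dest)
        rejected = False
        try:
            extractor(data, dest)
        except ValueError:
            rejected = True
        inside = sorted(os.listdir(dest))
        outside = sorted(n for n in os.listdir(scratch) if n != "unpacked")
        return {"rejected": rejected, "inside": inside, "outside": outside}


def demo() -> dict:
    """Extract the constructed archive with both routines and compare."""
    data = build_traversal_zip()
    return {
        "unsafe": run_in_scratch(unzip_unsafe, data),
        "safe": run_in_scratch(unzip_safe, data),
    }


if __name__ == "__main__":
    print(demo())
```

Run stand-alone, the unsafe routine leaves escaped.txt one level above the extraction directory while the safe routine writes nothing and raises. The check compares the real path of the destination with the real path of each resolved entry, which also catches absolute entry names and symlinks already present under the destination; on the phone, an equivalent check in the system-privileged unzipper would have stopped the file being dropped where the article describes.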
Samsung made good on its promise to patch quickly, shipping an over-the-air update inside Project Zero’s 90-day disclosure window. Three less-severe issues are, however, now public and still unpatched.
The messes found in the phone are listed below.
Teams battled over three main attack surfaces of the Samsung S6 Edge, chosen because they are reasonably considered the components of an exploit chain that can escalate to kernel privileges from a “remote or local starting point”.
Specifically they had to:
- Gain remote access to contacts, photos and messages. More points were given for attacks that don’t require user interaction, and required fewer device identifiers.
- Gain access to contacts, photos, geolocation, etc. from an application installed from Play with no permissions
- Persist code execution across a device wipe, using the access gained in parts 1 or 2
The team found two flaws in Samsung’s email client, including a JavaScript hole, and a means for malware to hide effectively. ®
Article source: http://go.theregister.com/feed/www.theregister.co.uk/2015/11/04/google_project_zero_samsung_galaxy/