Google has highlighted 11 security flaws in Samsung's flagship Android handset, the Galaxy S6 Edge.
The vulnerabilities include a loophole that could have been used by hackers to gain control of a victim's phone.
Most of the issues were fixed after Google notified Samsung, but some have yet to be addressed.
One independent expert said the bugs "significantly weakened the security" of Google's operating system.
"There is definitely a tension between Google and the handset manufacturers because Google wants to protect its Android brand, and when it comes to security, Android has been quite tarnished," added Dr Steven Murdoch, a security researcher at University College London.
"Some of that is down to the extra software that handset manufacturers add."
A statement from Samsung said the three remaining bugs would be fixed via a security update later this month.
"Maintaining the trust of our customers is a top priority", said the company.
Hijacked emails
Google said that several of the flaws would have been "trivial to exploit".
"Over the course of a week, we found a total of 11 issues with a serious security impact," the team blogged.
"The majority of these issues were fixed on the device we tested via an OTA [over the air] update within 90 days.
"It is promising that the highest severity issues were fixed and updated on-device in a reasonable timeframe."
Among the vulnerabilities was a weakness found in Samsung's email software that could have allowed hackers to forward a victim's messages to their own account.
Another allowed attackers to alter the settings of Samsung's photo-viewing app by sending the handset a specially encoded image.
But Google said the most interesting issue was the existence of a "directory traversal bug" in a wi-fi utility built in to the phone.
"If someone provided malicious data to the software, they could then change other files on the system and interfere with other functions, in particular security functions,"