Samsung flagship came with many vulnerabilities, according to Google’s Project Zero
Samsung’s latest flagship smartphone, the Galaxy S6 Edge, featured a number of potentially worrying security vulnerabilities upon its release, it has been revealed.
Research by Google’s Project Zero security team found 11 serious security flaws in the device, most of which have now been fixed, although some still remain, and hopefully will be patched by the end of this month.
The Galaxy S6 Edge was revealed back in March at Mobile World Congress, and gained great attention thanks to its curved glass screen.
The Project Zero team said that several of the flaws would have been “trivial to exploit,” and included a vulnerability that could have been used by hackers to gain control of a victim’s phone thanks to a bug in the device’s Wi-Fi connectivity.
Among the vulnerabilities was a weakness in the Samsung email client that could have allowed hackers to forward a victim’s messages to their own account.
“It is a very noisy attack, as the forwarded emails show up in the user’s sent folder, but it is still easy access to data that not even a privileged app should be able to access,” said Project Zero’s Natalie Silvanovich.
Another of the more serious flaws allowed attackers to alter the settings of Samsung’s photo-viewing app by sending the handset a specially encoded image.
“Over the course of a week, we found a total of 11 issues with a serious security impact,” the team noted in a blog post.
“The majority of these issues were fixed on the device we tested via an OTA [over the air] update within 90 days. It is promising that the highest severity issues were fixed and updated on-device in a reasonable timeframe.”
In a statement, Samsung confirmed it had addressed the particular issues in a security update released last month, and that it encourages users to keep their software and apps updated at all times.
What do you know about the smartphones of 2015 so far? Try our quiz!