Google Reveals 11 Vulnerabilities In Samsung's Galaxy S6 edge

The good news is that eight out of the eleven have already been fixed.


Google’s Project Zero team has indeed had a busy month. The team, whose job is to find vulnerabilities, held a bit of a competition, with two teams cracking down on a not-so-usual candidate for scrutiny: the Samsung Galaxy S6 edge smartphone.

On a normal day, the team usually delves into finding vulnerabilities on Google’s own Nexus hardware. This time, the Project Zero team decided to make it into a hackathon of sorts, and the results were indeed impressive.

The teams found about 11 vulnerabilities on one single Samsung smartphone. Mind you, this is just one OEM (original equipment manufacturer) device among the thousands on sale out there. And all eleven of those vulnerabilities were big ones. Another angle to this research is that most of the vulnerabilities were the result of Samsung’s customisations to the stock Android firmware.

So, in short, manufacturers tweaking Google’s AOSP (Android Open Source Project) code is leading to bigger problems for Google. While we cannot blame Google for the same, Google will eventually need to allow for fewer customisations to the core of Android in order to be able to patch up such vulnerabilities quickly. After all, this was about 10 experts working for a week on just one smartphone from one OEM. So while the fruits of this research are big, the possibilities of fixing such problems are, in reality, very limited, keeping the current scenario in mind.

All 11 vulnerabilities aboard the Galaxy S6 edge were reported to Samsung, and 8 of them have already been resolved with a recent maintenance release that Samsung pushed out in October. So if you are an S6 edge owner, there is nothing to worry about.

As for the remainder, another patch in November will fix them.

All of this just goes to show how insecure Android as a platform really is due to its open source nature. But it also shows how manufacturer customisations are making it harder for Google to fix things that it should not really be focussing on.

