The Project Zero team over at Google conducted a security audit on the Samsung Galaxy S6 edge and found 11 high-impact security threats on the device.
Despite Samsung boasting about the security of its high-end devices and its KNOX platform, the company shipped the Galaxy S6 edge with 11 serious security vulnerabilities. The most serious one was CVE-2015-7888, which allows a file to be written as system. Other vulnerabilities were discovered in device drivers and image processing, along with some logic issues. Two issues were found in Samsung’s stock email client as well. As if pre-loaded apps from OEMs were not good enough at making the device slow, they now also pose a security risk.
The Project Zero team does note that SELinux made it more difficult to attack the device, though three bugs discovered by them made it possible to completely disable it.
To Samsung’s credit, once the Project Zero team at Google informed them about the 11 exploits, they fixed eight of them in the October Maintenance Release for the handset, while the remaining three issues will be fixed in the November Maintenance Release. The company's total turnaround time to fix the exploits was within 90 days of being informed about them, which is not really confidence inspiring.
Considering that Samsung is proud of its KNOX security platform, it is pretty shocking and disappointing to see that its flagship handset shipped with no fewer than 11 major security vulnerabilities.
You can find more details about the security exploits discovered by the Project Zero team on the Galaxy S6 edge here.