Google's Project Zero security team spent a whole week investigating security issues in a single target, Samsung's Galaxy S6 Edge phone, and by the time the work was done, 11 new zero-day bugs had been brought to light.
Project Zero is a program started by Google, with the aim of improving overall application security by having its own top-of-the-line security experts actively search, find, report, and help fix zero-day bugs in commonly used software.
Its researchers have quite a reputation in the business and have in the past found and helped fix issues in Windows drivers, the Android project, and quite a long list of antivirus engines.
It all started as a game
A few months back, the Project Zero team decided to diversify its daily work routine by focusing all of its efforts on one project at a time, while also splitting into two teams (Europe vs. North America) to see which one discovered the most bugs.
The project they chose to work on was Samsung's latest smartphone, the Galaxy S6 Edge, mainly because it has a large userbase, and also deploys a modified version of Android.
Since Google had already gone over Android's code with a fine-tooth comb, looking for bugs, its Project Zero team was trying to identify new flaws that were introduced by Samsung when it adapted the Android OS to its custom hardware setup.
Before beginning their work, the team also set out to find a specific set of bugs, actively looking for remote exploits that granted access to contacts, photos, and messages. Additionally, if the researchers found other bugs or a way to gain device persistence, their team would win extra points.
11 zero-days, most in Samsung's drivers and media processing utilities
While the contest started out for fun, after a week's work things turned gloomy when the researchers found a total of no fewer than 11 zero-day vulnerabilities, three of which were trivial to exploit.
"Overall, we found a substantial number of high-severity issues, though there were some effective security measures on the device which slowed us down," says Google's Natalie Silvanovich. "The weak areas seemed to be device drivers and media processing."
The researchers notified Samsung of the issues; the company quickly fixed 8 of them in its October Maintenance Release, while the other 3 will be fixed in November.
Below is a table with all the bugs they found.
| Issue | Status | Description |
|---|---|---|
| CVE-2015-7888 | Fixed | Directory traversal bug that allowed an attacker to write files to an arbitrary path as the system user. |
| CVE-2015-7889 | Fixed | An unprivileged application can cause the user's emails to be forwarded to another account. |
| CVE-2015-7890 | Fixed | Buffer overflow vulnerability in the Exynos Seiren Audio driver that leads to memory corruption. |
| CVE-2015-7891 | Fixed | The Samsung Graphics 2D driver is accessible to unprivileged users/applications. |
| CVE-2015-7892 | Fixed | Buffer overflow in the Samsung m2m1shot driver. |
| CVE-2015-7893 | Not Fixed | JavaScript embedded in an email message can be executed in the email client. |
| CVE-2015-7894 | Fixed | Downloading and scanning an image causes memory corruption. Allows privilege escalation. |
| CVE-2015-7895 | Not Fixed | Opening an image in the Samsung Gallery app causes the app to crash and escalates privileges. |
| CVE-2015-7896 | Fixed | Downloading and scanning an image causes memory corruption. Allows privilege escalation. |
| CVE-2015-7897 | Fixed | Downloading and scanning an image causes memory corruption. Allows privilege escalation. |
| CVE-2015-7898 | Not Fixed | Opening an image in the Samsung Gallery app causes the app to crash and escalates privileges. |