Those seriously interested in the confidentiality of their data have
more reasons to be attracted to the new Priv smartphone. BlackBerry is
known for its strong programming skills, so it can be expected that the
Android it has prepared will be much safer than what, for example,
Samsung can offer. Experts from Google Project Zero looked carefully at
the software bundled by the Koreans on their flagship smartphone, the
Galaxy S6 Edge, and what they found suggests that it would be better if
some vendors did not tinker with Android and left it pure, in the form
offered by Google.

Recently, members of Project Zero set themselves a contest in attacking
Samsung's popular flagship, consisting of three challenges. The first
was to obtain remote access to contacts, photos and messages; the less
user interaction required, the better. The second was to gain access to
contacts, photos, geolocation data and so on from an application
installed from the Play store without special permissions. The third
was to prepare code able to survive a device wipe, using the access
gained in the first and second challenges. The contest was between
teams from North America and Europe, with five hackers in each. It took
only one week of this game to find vulnerabilities in software
developed by Samsung that allow these attacks to be carried out.

The most serious of these is a bug in WifiHs20UtilityService
(CVE-2015-7888), which looks for a downloaded zip file and then unpacks
it … with a little help, anywhere. Including to the system partition.
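
An archive ends up unpacked "anywhere" when entry names containing `..` are joined to the destination directory without a containment check. The following is an added example, not code from the article or from Samsung; it assumes that bug class, and the destination path and entry names are constructed. It shows the unchecked join beside a check that rejects escaping entries.

```python
import io
import posixpath
import zipfile

DEST = "/data/unpack"  # hypothetical extraction directory, not from the article

def build_sample_zip() -> bytes:
    """Constructed archive: two benign entries and two that try to escape DEST."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("config/profile.xml", "<ok/>")
        zf.writestr("a/../notes.txt", "stays inside after normalisation")
        zf.writestr("../../escape/placeholder.txt", "constructed")
        zf.writestr("../unpack2/placeholder.txt", "sibling-prefix case")
    return buf.getvalue()

def naive_target(dest: str, name: str) -> str:
    """Vulnerable pattern: trust the entry name and join it to dest."""
    return posixpath.normpath(posixpath.join(dest, name))

def safe_target(dest: str, name: str) -> str:
    """Resolve the entry name and refuse anything that lands outside dest."""
    root = posixpath.normpath(dest)
    if name.startswith("/") or "\\" in name or "\x00" in name:
        raise ValueError(f"rejected entry name: {name!r}")
    target = posixpath.normpath(posixpath.join(root, name))
    # commonpath compares whole components, so /data/unpack2 is not "inside"
    # /data/unpack the way a plain startswith() check would conclude.
    if target == root or posixpath.commonpath([root, target]) != root:
        raise ValueError(f"entry escapes {root}: {name!r}")
    return target

def audit_archive(data: bytes, dest: str = DEST):
    """Classify entries without writing anything to disk."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            try:
                accepted.append(safe_target(dest, info.filename))
            except ValueError:
                # Record where the unchecked join would have written the file.
                rejected.append((info.filename, naive_target(dest, info.filename)))
    return accepted, rejected

if __name__ == "__main__":
    ok, bad = audit_archive(build_sample_zip())
    print("accepted:", ok)
    for name, would_write in bad:
        print(f"rejected {name!r}: unchecked join -> {would_write}")
```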

Another interesting and easy-to-exploit bug (CVE-2015-7889) was in
Samsung's mail client and is linked to a lack of authentication in one
of its intent handlers. It allows an unprivileged application to send a
series of intents that cause the mail client to forward the user's
e-mail to another account. Another flaw in the mail client
(CVE-2015-7893) allowed JavaScript code embedded in an e-mail to be
triggered remotely. Quite interesting bugs were also found in drivers,
allowing media-enabled processes to cause a buffer overflow, along with
errors in image parsing in the Gallery and in the directory-scanning
services. In total there were 11 bugs, some of which were described as
trivial to discover and exploit. The only consolation was Android's use
of SELinux, which made practical attacks more difficult, but do not get
your hopes up too much, since three of the fixed bugs allow this kernel
security mechanism to be disabled.

The bugs were reported to Samsung soon after their discovery. Eight of
them were fixed in the October update; the other three, which pose less
of a threat, will be removed in November. Members of Google Project
Zero praise the manufacturer for patching the most serious
vulnerabilities within a reasonable time and providing a fast update.
But let's be honest: how many more such undiscovered flaws may lie in
Samsung's software? It is worth remembering that vulnerabilities in
Galaxy series smartphones are among the most valuable on the black
market; it is, after all, the most popular brand of Android devices, so
do not count on black hats not being interested in them.

