back to article Samsung S6 Edge has 11 nasties, says Google Project Zero team

Security probe-wielders from Google's Project Zero team in Europe and the United States have flayed the Samsung Galaxy S6 Edge, finding 11 nasty vulnerabilities in the flagship handset. The informal hack-off focused on Samsung's latest OEM offering rather than the pure Android Nexus because of its popularity and therefore the …

  1. Grikath

    or you simply install your average app and blindly click on "allow all permissions"...

    1. This post has been deleted by its author

      1. John Smith 19 Gold badge
        Unhappy

        "the fact that Samsung are so laid back and pathetic with providing patches"

        Ummm.

        I think in handset land 3 months to an OTA patch is considered "fast"

      2. 404

        About that Note 3

        What happened with it?

        I ask because we have Note 3's with contract time coming up again and I have yet to see a compelling reason to upgrade to any handset currently available. We like our Notes.

      3. John Tserkezis

        "Not all of us install, 'apps', on our handsets"

        Then you have no better than what we would call a "Dumb Phone".

        Or specifically in your case, an "Expensive Dumb Phone".

  2. xj650t

    I hate to say it

    But isn't it time for Google to step up and be responsible for it's OS and provide timely security updates ala Microsoft/Apple?

    The handset makers can then just skin their flipping phones however they like and we'll be free to replace whatever crud launcher is default with our favourite safe in the knowledge updates will be coming down the wire.

    Written on a 3 year old Note 2, that still works fine but will never get the Stagefright security updates, thanks Sammy /angry

    1. Steve Davies 3 Silver badge

      Re: I hate to say it

      and for that is it little wonder that 30% of the converts to iPhone came from Apple.I wonder what percentage of those were former Samsung owners?

      IMGO, (and has been said already), it is time that google insisted that anyone branding their phone Android signs up to provide patches for at least 3 years. Androd is a google trademark and they should be protecting it. Sooner or later it could be dragged down to near zero in the eyes of the public by the inactions of the likes of Samsung, HTC etc.

      Think about how much that lovely shiny new (June 2015) VW sitting outside your home is worth now? The VW brand has been Ratnered IMHO.

      Even the most rabid fanboi wants decent competition to keep Apple on their toes. At the moment there is a lot of footgun going on in the Android world.

    2. GregC

      @ xj650t

      There is, of course, always more Google could be doing on Android security - however in this case, 9 of the 11 vulnerabilities reported are/were in Samsung drivers or applications, not generic Android ones. How are Google supposed to control those?

      1. Dave 126 Silver badge

        Re: @ xj650t

        A new Android OTA update has to bounce around the chipset manufacturers, the handset manufacturers and sometimes the network operators... There isn't much Google by themselves to make this faster, except to use their Nexus devices as examples to the other parties.

        More of what was the core Android OS has been absorbed into Google Play Services (or whatever it's called this week) which can be updated like any other app. But still, every device needs a custom build of Android.

    3. Charlie Clark Silver badge

      Re: I hate to say it

      But isn't it time for Google to step up and be responsible for it's OS and provide timely security updates ala Microsoft/Apple?

      Which is what it does with AOSP. However, it's recently gone beyond that and starting adding stuff in via PlayServices. I recently got a stagefright patch like this on my S5.

      Clearly, what is missing is the issue of liability which it will be for the courts to decide. EU warranty law is pretty clear on this but it's just not being tested at the moment. Project Zero seems to me a serious attempt to raise the profile of the flaws and the fact that Google has often already provided fixes for them.

      Security is an afterthought for too many in the industry. But it will continue to be this way until it becomes too expensive to ignore it.

    4. Anonymous Coward
      Anonymous Coward

      Re: I hate to say it

      No, its time for consumers to shop smart.

      All my android devices are bang upto date on security patches, they are Google Nexus and Sony Xperia. Both from reputable vendors with no network intervention.

      It's also worth mentioning that android is FAR more serviceable than iOS and windows phone, as much of android csn be serviced via play store app and service updates. IOS needs a whole OS update.

  3. Anonymous Coward
    Anonymous Coward

    Samsung has a poor reputation when it comes to security, I remember this howler:

    http://forum.xda-developers.com/showthread.php?t=2048511

  4. jason 7

    My past two phones have been Android.

    To be honest, as far as I know I haven't had any issues security wise with them. However, the current lack of any clear leadership and control in the Android world is worrying and I think will eventually be it's downfall unless Google or someone (anyone responsible) takes control.

    I find this current policy of ring-fencing by carriers, multiple models by phone suppliers which just dilute the support even further, the reluctance to support products past 6 months baffling. Just how difficult does it have to be?

    Do we really need a big Android snafu to make them actually do something? But will that mean the end and Apple taking all the rewards?

    1. Anonymous Coward
      Anonymous Coward

      Re: My past two phones have been Android.

      This is the crux of the matter

      To be honest, as far as I know I haven't had any issues security wise with them.

      As far as you know... How do you know that some App has not been quietly slurping data and sending it off to pastures new? IMHO, it is very hard to detect that sort of thing.

      What really irks me and was one of the main reasins why my Android phone got binned was the lack of patches. you can see Google fixing lots of security holes yet the likes of Samsung show no interest in updating their phones with those patches.

      Google could fix it but seemingly don't want to do that.

      In the meantime, Apple are patching any Iphone 4s that is running iOS 9.

      Who really cares for their customers then? Love or Hate Apple they at least patch their devices.

      Come on Google. Stop trying to divert our attention with this stupid Alphabet re-branding and get your Android house in order. Even something approaching what Apple (wrt Patching & Support Time) has will do very nicely thank you very much.

    2. Anonymous Coward
      Anonymous Coward

      @jason 7

      Yes, Android will need a couple major security issues that affects a lot of people in a visible way. Think Nimda or ILoveYou viruses on Windows that after a few similar things got them to be more serious about security and halt development on the next Windows to go back and better secure (for some meaning of 'better') Windows XP with SP3.

      But no it won't mean Apple taking all the rewards. Will it help iPhone sales, sure, but a lot of people around the world can't afford an iPhone, some won't switch because of the lack of choice compared to all the different form factors and feature sets available in the Android world, and some just won't care enough about security to worry about it even if it personally affects them (and obviously the Apple haters would never switch no matter what)

      It would also be an opportunity (probably the last/only one) for Windows and the Blackberry flavor of Android to become more than just an afterthought in market share. The movement would be away from Android, not necessarily towards Apple. Not that Apple will complain about the influx, which might be enough to delay "peak Apple" from actually happening another couple years (my current guess is that the iPhone 7S will be the first model to see a YoY sales drop, though that depends on what the 7 and 7S add that might help goose upgrades/switchers)

  5. Bota

    This is exactly why I'm moving over to ios.

    I have been a Samsung user for 3 years, as was my wife, mother and sister.

    The only left out of the switch is me and I'm holding out until January. I'm constantly frustrated with Samsung and their slow or none existent updates.

    At least with apple they seem to take their security seriously, android / android resellers are a joke at this point.

    1. Charlie Clark Silver badge
      Stop

      Apple's record on the security front isn't exactly stellar. Yes, they do provide updates for an enviable number of devices when they do release them but there millions of devices are out there at any one time which maybe vulnerable to known but undisclosed exploits: think of permission escalation on OS X and the slew of bugs not fixed for IOS 8.

      The fact is that Apple stuff is not more secure, and I say this from a MacBook, but Apple does care more about its reputation than other companies.

      1. Anonymous Coward
        Anonymous Coward

        Apple and Google are similar in the fixing of security issues, but Google is far behind in ability to deilver them. If there's a major exploit found for both, it can be wiped off iPhones in a matter of weeks, for Android it will live forever since half the existing devices in use would never receive the upgrade.

  6. Jon Massey

    Nasty bitmap

    Hard-crashes windows photo viewer, too!

  7. slinkywizard

    My experience with Samsung since coming back to them (ironically with an S6 Edge) has been nothing short of brilliant on the patch front. I've had an update every month within a few days of the start of the month.

    If Google released a competing Nexus 5 though, I would be back that way without a second thought...

  8. MrT

    Davy Crockett's handset...

    "Teams battled to attack three main attack surfaces of the Samsung S6 Edge"

    The left screen, the right screen and the wild front screen...?

  9. Anonymous Coward
    Anonymous Coward

    How come the Edge version is mentioned but not the much more popular standard S6? Presumably a lot of these bus would be relevant to both.

  10. Anonymous Coward
    Anonymous Coward

    fixed!

    "Samsung's latest OEM offering rather than the pure Android Nexus because of its popularity and therefore the necessity to make sure it is secure them look bad".

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2022