Google researchers suggest Android OEMs add vulnerable code

Google researchers suggest Android OEMs add vulnerable code

Security researchers at Google have discovered that Android manufacturers don’t do much to improve the security of the ecosystem, especially if they’re adding custom skins and software to the operating system.

The team at Google analyzed Samsung’s Galaxy S6 Edge, running Android 5.1 with TouchWiz, and found 11 “high-impact security issues” that were relatively easy to find during a week’s work. The idea was to see how an OEM device differs from a Nexus device running stock Android in its security, and the results shouldn’t come as a huge surprise.

One of the vulnerabilities the researchers discovered in the S6 Edge related to a process that scanned for and automatically unzipped a file in a certain location. Samsung wasn’t verifying the file path, however, which allows an attacker to write files to an unexpected system location.

Read More

By Techspot with No Comments 0 291

Related Posts

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>

View More