You might be familiar with “Project Zero”. Well, the moniker describes two different concepts, so let’s recap for a second. Project Zero was reportedly the internal codename at Samsung that had a simple (yet complex) goal: to redesign the Samsung Galaxy S6 (and subsequent models and variants), from the ground up, in order to produce a more compelling phone overall. Project Zero also happens to be the name for a team of security researchers (some call them hackers) inside Google, announced on July 15, 2014, that has a single purpose: checking the security of products.
It just so happens that the Google Project Zero team took a closer look at one of Samsung’s Project Zero products, the Galaxy S6 edge. After an entire week with the phone, their findings are interesting, to say the least. The team has discovered and reported 11 high-impact Galaxy S6 edge security issues (mostly with device drivers and image processing).
The methodology was pretty simple. Each team within Project Zero had to work on three challenges: 1. gain remote access to contacts, photos and messages. 2. gain access to contacts, photos, geolocation, etc. from an application installed from Play with no permissions. 3. persist code execution across a device wipe, using the access gained in parts 1 or 2
11 issues were discovered and reported. To Samsung’s merit, eight out of those 11 were fixed promptly through an October Maintenance Release (however, some carrier variants might have no yet received it), with the remaining issues (lower severity) expected to be fixed this month.
For a complete list of the problems found, descriptions, and more details, make sure to check out the source link below.
Source: Google Project Zero