Google Hackers Expose 11 Major Security Flaws In Samsung Galaxy S6 Edge

MojoKid writes: Going on a bug hunt might not sound like the most exciting thing in the world, but for Project Zero, the name for a team of security analysts tasked by Google with finding zero-day exploits, a good old fashioned bug hunt is both exhilarating and productive. As a result of Project Zero's efforts to root out security flaws in Samsung's Galaxy S6 Edge device (and by association, likely the entire Galaxy S6 line), owners are now more secure. The team gave themselves a week to root out vulnerabilities. To keep everyone sharp, the researchers made a contest out of it, pitting the North American and European participants against each other. Their efforts resulted in the discovery of 11 vulnerabilities, the "most interesting" of which was CVE-2015-7888. It's a directory traversal bug that allows a file to be written as a system. Project Zero said it was trivially exploitable, though it's also one of several that Samsung has since fixed.

Android

[sociocapitalist]

Other than buying Nexus devices, the best way to 'secure' an Android phone appears to be to keep nothing of value on it.

I'm considering returning a Marshall phone I just bought because (a) it's still vulnerable to Stagefreight even though it's a phone that was brought to market within the last thirty days and (b) I have zero confidence that updates will ever make this a reasonably secure phone.

A shame really as I like the phone and the sound quality is better than any other phone.