If you're looking at getting a Samsung phone, you may want to proceed with caution. Researchers at Google's security analysis team Project Zero discovered 11 high-risk security flaws that could let an attacker wreak havoc with a customer's Galaxy S6.
The team devised a contest between the North American and European members of Project Zero. Five people on each team were given three tasks to focus on: gain remote access to device data, gain access from an app downloaded through the Google Play store, and continue code execution even when the device is formatted.
The good news is that eight of the 11 problems were fixed in the October maintenance release. Samsung told the team that the remaining three would be fixed in November. Two of the three remaining flaws are low risk, while the third, which is exploited through the email client, has an unclear effect.
The exploits are a strong reminder that keeping devices up-to-date is vital. Software updates usually include security fixes that can keep attackers at bay, and the best defense is making sure that devices aren't running out-of-date software. Different devices have different update methods, and manufacturers usually provide how-to instructions.
The findings also show that even though a device runs Android, the user is often at the mercy of a third party to keep it up-to-date. Devices like Google's Nexus 5X, which are developed directly by Google and run stock Android, can receive updates more quickly because the manufacturer doesn't need to make sure the updates work with its custom-made software.