Pagoda Blog

"For a user running a vulnerable version of Android, it's as simple as going to a website, connecting to a rogue AP or being under traffic redirection attack, and you get compromised," said Zuk Avraham, founder and CTO of Zimperium. "It's a (relatively) fast and reliable attack."

 

About 90% of Android users are currently vulnerable to malware attacks. There is even a website dedicated to charting these attacks and showing which manufacturers have secure or insecure devices. It seems that it is not completely the fault of the owners, but rather that the devices have not received their regular security updates.

 

There was a study done that found Android devices receive 1.26 updates per year, even though Google releases monthly security updates for the open-source Android software. As a result, most Android devices are vulnerable to security breaches.

What does this mean?

This is a somewhat complex question. It has to do with Google, the device manufacturers, and the cellular carriers. When Google supplies a security patch, the phone manufacturers must change their firmware to reflect the update for each of the smartphones they offer. Once this happens they must test their updated firmware on the multiple variations of the smartphone they have. When the testing has been finalized they send their versions of the updated firmware to the cellular carriers, who then do their own round of testing. After their testing is complete and approved, they push out to the phone users.

 

This long and complicated patching process can lead to Android users being left vulnerable for months, even when Google has fixed a well known security issue like Stagefright.  

 

What is being done about this?

 

Well, the short answer is, not much. Google is releasing monthly security updates, and is handling the development, marketing and support for these updates. LG has also committed to updating its security each month. Samsung has implemented a fast track patching process for security updates so that it is as up to date as possible each month and HTC is also attempting to push out regular updates.

Image from www.oneclickroot.com

However, all this work is not necessarily enough to solve these problems. The cellular companies need to change as well. Improving upon the testing process would drastically speed up the approval date for the new firmware when an update is released by google.

 

What can we do?

At this point the security update issues won’t be fixed for quite some time. We can only say keep your eyes and ears open when purchasing a new phone. Do your homework and check the security breaches for each manufacturer, and cellular company. Like other vulnerable areas on the internet, keep on your toes and stay safe when browsing, downloading apps and downloading email attachments.

 

––––––––––––––––––––––––––––––––––––––––––––––––––––––––––

About Pagoda Technologies IT services

Pagoda Technologies is a globally recognized IT support company doing business in Santa Cruz, San Jose and all over the world who is working to help businesses and their IT departments run smoothly and efficiently. To learn how Pagoda Technologies can help your business, email us at support@pagoda-tech.com to schedule a no cost business assessment.