Monday, January 25, 2016

Upgrade Issues mobile devices running Android – securitylab

On the problems of update mobile devices speak for a long time and for a long time. But, alas, smartphones, especially running Android, updated producers very, very reluctantly. Or not updated.

Let us turn to statistics. Published in January, the analysis Security Duo show that at least 90% of Android devices today are running outdated versions of the OS, which entails considerable potential risks for corporate and private users. Approximately 70% of devices running Android 4.4 and older versions. It turns out, they are susceptible to these vulnerabilities as Stagefright. This vulnerability opens the attacker access to the device and then to the corporate network via MMS, for example, photos or video.

According to Duo, more than 20 million. Android-devices connected to the corporate network, is no longer supported by the manufacturer and because they can not be upgraded to the latest software versions, which would eliminate their vulnerability.

The position of manufacturers known. So, Google has officially stated that it will not release updates for devices older than two years. However, this position does not protect the producer. Thus, the claim for lack of timely updates Android-based smartphones from Samsung makes the association Dutch Consumers’ Association (DCA). According to research by DCA, at least 82% of the smartphone Samsung, available on the Dutch market, have not received the update to the latest version of Android in two years. This has led to the fact that most of these devices have vulnerabilities. Employees DCA reported that the agency associated with Samsung, but to reach an agreement was not possible and therefore decided to go to court.

But do not think that even if the court would force Samsung to take the necessary measures, the security situation in the market Android smartphone will improve significantly. Today, there is no standard of the operating system and every smartphone maker released its version of firmware for your device, so the update requires a significant effort. But these unique devices based on Android, according to the results of research, today released more than 10,000.

Thus, the problem of updates, due to lack of a common standard, to date almost no solution.

What should I do?

Duo encourages IT professionals to implement the following measures to reduce the risks of:

· Create security policies of mobile devices.

· All employees must use the PIN -codes to lock the device.

· Prohibit use of smart phones with root.

· Be sure to update your mobile devices.

· Upgrade or replace outdated smart phones that are no longer updated by the manufacturer.

· Encourage employees to use smart phones with more frequent updates from the manufacturer.


No comments:

Post a Comment