Vectra comments on Which? report that Android devices are at risk of being hacked

March 2020 by Chris Morales, Head of Security Analytics at Vectra

Chris Morales, Head of Security Analytics at Vectra, on the latest report by Which? that suggests Android devices are at risk of being hacked because they are no longer protected by security updates:

“Android device manufacturers, in particular Samsung, who is the largest seller, load their devices with tons of features and custom software on top of the default Android. This makes it slow and cumbersome to release software updates in a timely fashion as they have to test those updates against their own custom software.

Android devices end up months behind (if supported at all) after they are released to the market. This makes them easy targets for in-the-wild and well-known vulnerabilities. Looking at the latest February Android security update, there are 13 disclosed vulnerabilities in Android that are patched.

The most severe vulnerability targeting the Android framework could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions.

The most severe vulnerability targeting the Android system could enable a remote attacker using a specially crafted transmission to execute arbitrary code within the context of a privileged process.

Android device manufacturers are notified of security updates a month before they publish.

To date, I’m only aware of Google and Essential providing a timely update to this. Everyone else is still yet to be seen. Most likely OnePlus and Nokia will provide an update next. But as for everyone else, devices can easily go unpatched for months.

The March update is right around the corner and most vendors have yet to apply the last round of patches. It becomes a compound problem as new vulnerabilities are disclosed.”