ibusinesslines.com
ibusinesslines.com October 15, 2018


Are hardware makers doing enough to keep Android phones secure?

13 April 2018, 09:41 | Jodi Jackson

Are hardware makers doing enough to keep Android phones secure?

Are hardware makers doing enough to keep Android phones secure?

The issue didn't extend to Google's devices, of course, so those with Pixel and Pixel XL, or Pixel 2 and Pixel 2 XL devices were safe, but the report claims that some OEMs, including Sony, Samsung, and Wiko had missed at least one security patch.

Which smartphone maker skipped how many patches?

What's The Story Of Android's Security Patches All About?

SRL researchers Karsten Nohl and Jakob Lell back engineered phones from Google, Samsung, HTC, Motorola, ZTE, TCL, and others checking at the source-code level to see if all the patches were present.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security".

Several manufacturers have been pretending to stay on par with the latest updates without pushing any actual update. One of the lowest performing brands were TCL and ZTE, all of whose phones had on average over four patches that they claimed to have installed, but had not. SRL says that it had tested the firmware on around 1,200 Android phones, looking for whether or not patches had been applied, which led to it finding devices that had changed the dates forward without actually adding the patches in.


What makes it worse as Nohl points out is the fact that it is nearly impossible for the user to know which patches are actually installed.

It would seem that your brand-spanking new Android phone is not as secure as you think it might be.

As if the Android security update situation couldn't get any worse, it appears that some Android device makers have been caught lying about how secure their phones really are. On some phones, the patch gaps numbered in the dozens. The randomization helps to alter the location of a program in memory and sandboxing limits the access to the rest of the device.

That all said, it's not necessarily a disaster that your phone might not have every single last possible security patch installed, and it often takes more than one unpatched bug to leave your phone open and vulnerable to attackers.

In several cases, the chip makers were found to be the main culprits. While phones making use of Qualcomm's Snapdragon and Samsung's Exynos are less likely to miss out on patches, those running on MediaTek chipsets were found to be missing out on a lot more (9 on average). And if a company making those chips isn't keeping up with patches, it becomes quite hard for the manufacturers of the phones running them to fully secure their devices. The vendor has to primarily depend on the chipmaker to offer a security patch and not the OS.

According to SRL, missed security patches were discovered on a wide range of different handsets across manufacturers.



Other News

Trending Now

'Spelling error' gets banned Dublin mayor Michael Mac Donncha into Israel
However, the Lord Mayor confirmed he was in Ramallah and preparing for a conference. He did therefore not show up on the watch list.

Bargain Guide - God of War
Echoes of Kratos' past, which he is reticent to discuss, haunt the warrior-turned-reluctant father, dogging his every step. As I wrap up my first 12 hours of the game , it's obvious that there's much more to unpack in God of War and I welcome it.

Trump tweets that he'll continue to cooperate with Mueller
Whiting said that whether Mueller will subpoena Trump to testify before a grand jury "is really a strategic choice". Trump later backed down and, unsurprisingly, claimed publicly that the Times report was " fake news ".

CDC Investigates E. Coli Outbreak In Connecticut And Other States
Coli outbreak in the United States has reached OH , where, until now, only one confirmed case has been registered by the CDC . A total of 17 cases have been reported across Connecticut, Idaho, Missouri, New Jersey, Ohio, Pennsylvania, and Washington.

Hold Recommendation?: Rio Tinto plc (RIO)
Year to date (YTD) refers to the period beginning the first day of the current calendar or fiscal year up to the current date. When the price rises above the moving average, it indicates that investors are becoming bullish on the commodity.

Conor McGregor Reminds Fans About The 2 People He Loves Right Now
Conor McGregor is known for lending his name to all sorts of products: boxer shorts, burgers and bourbon, to name but a few. When I commentate on fights my goal is to highlight the action and make it more exciting for the fans at home.

Commonwealth Games 2018: BBC presenter falls in pool during interview
He appeared to get down to the first step in the pool and inadvertently moved slightly deeper thinking the floor would be level. Bushell then provided a word of caution to the viewers: "Just look before you get into the swimming pool, OK".