ibusinesslines.com
ibusinesslines.com May 23, 2018


Are hardware makers doing enough to keep Android phones secure?

13 April 2018, 09:41 | Jodi Jackson

Pentagon creates new position to help guide software acqusition, F-35 development

Silicon Valley's finest all want the Pentagon's cloud contract, even if it's not a sensible idea

The issue didn't extend to Google's devices, of course, so those with Pixel and Pixel XL, or Pixel 2 and Pixel 2 XL devices were safe, but the report claims that some OEMs, including Sony, Samsung, and Wiko had missed at least one security patch.

Which smartphone maker skipped how many patches?

What's The Story Of Android's Security Patches All About?

SRL researchers Karsten Nohl and Jakob Lell back engineered phones from Google, Samsung, HTC, Motorola, ZTE, TCL, and others checking at the source-code level to see if all the patches were present.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security".

Several manufacturers have been pretending to stay on par with the latest updates without pushing any actual update. One of the lowest performing brands were TCL and ZTE, all of whose phones had on average over four patches that they claimed to have installed, but had not. SRL says that it had tested the firmware on around 1,200 Android phones, looking for whether or not patches had been applied, which led to it finding devices that had changed the dates forward without actually adding the patches in.


What makes it worse as Nohl points out is the fact that it is nearly impossible for the user to know which patches are actually installed.

It would seem that your brand-spanking new Android phone is not as secure as you think it might be.

As if the Android security update situation couldn't get any worse, it appears that some Android device makers have been caught lying about how secure their phones really are. On some phones, the patch gaps numbered in the dozens. The randomization helps to alter the location of a program in memory and sandboxing limits the access to the rest of the device.

That all said, it's not necessarily a disaster that your phone might not have every single last possible security patch installed, and it often takes more than one unpatched bug to leave your phone open and vulnerable to attackers.

In several cases, the chip makers were found to be the main culprits. While phones making use of Qualcomm's Snapdragon and Samsung's Exynos are less likely to miss out on patches, those running on MediaTek chipsets were found to be missing out on a lot more (9 on average). And if a company making those chips isn't keeping up with patches, it becomes quite hard for the manufacturers of the phones running them to fully secure their devices. The vendor has to primarily depend on the chipmaker to offer a security patch and not the OS.

According to SRL, missed security patches were discovered on a wide range of different handsets across manufacturers.



Other News

Trending Now

Patriots 7-round mock draft 1.0: When will QB be taken?
We have seen teams waste their draft picks, but we have also seen teams use their picks wisely and create a better team from them. Trades alert! In this latest mock draft for the 2018 NFL Draft , there will be multiple trades in the top five.

Bill Hader, James McAvoy Being Courted for Stephen King's 'It' Sequel
In addition, Bill Skarsgard will reprise his haunting role as the demented child-killing Pennywise the Dancing Clown. New Line is now in talks with Bill Hader and James McAvoy to play two of the adult versions of the "Losers Club ".

Backpage CEO Pleads Guilty to California Money Charges
Backpage.com has been under investigation for years for claims that the site facilitates sex trafficking on their adult ads page. The Stop Enabling Sex Traffickers Act of 2017 (S. 1693) passed both the House and Senate with overwhelming bipartisan support.

CDC Investigates E. Coli Outbreak In Connecticut And Other States
Coli outbreak in the United States has reached OH , where, until now, only one confirmed case has been registered by the CDC . A total of 17 cases have been reported across Connecticut, Idaho, Missouri, New Jersey, Ohio, Pennsylvania, and Washington.

Popular US Federal parks to hike Prices to £ 35, not $70
A auto is stopped by a herd of bison crossing the highway in Yellowstone National Park Thomson Reuters WASHINGTON - The U.S. Other types of passes, such as for walking into the parks , will see smaller fee increases.

Trump Lawyer Michael Cohen Contradicts POTUS' Depiction Of FBI Raid
Trump has declined to directly answer whether he will fire Mueller, but on Monday claimed " many people" have suggested he should. A White House official said Trump had been watching TV reports, and that the President knew about the raid before the news broke.

Warm temperatures, strong winds fuel fire danger across state
A wind advisory and blowing dust advisory are also in effect for the Valley through until 7 p.m. and 8 p.m. Several red flag warnings are up across the state the next couple days, meaning no open burning.