Android phone makers skip critical updates

Watch out Android users, your smartphone may not be as secure as you thought it was. A study has found that a few Android manufacturers may have accidentally skipped crucial software updates despite saying they constantly keep their products up to date. Here’s a quick rundown.

Missed patches
Every month, Google rolls out a new batch of Android bug fixes and critical security updates. These patches are available to Google Pixel phones almost immediately, but many third-party manufacturers are often months behind. When it does arrive, you should theoretically be protected from every recently discovered threat.

After extensively researching 1,200 different smartphones, however, Karsten Nohl and Jakob Lell of Security Research Labs discovered that even though certain phones were considered “up to date,” they didn’t have all the bug fixes and security updates listed on the patch notes. In other words, smartphone vendors often missed important patches.

The study found that, on average, Sony, Samsung, and Google occasionally missed a patch but were generally more secure than other vendors like Nokia, Motorola, HTC, LG, and Huawei that skipped several important updates.

According to manufacturers, these missed updates are purely accidental. Since there are so many updates to install every month, manufacturers can easily lose track and may even skip quality control checks just to keep up.

But as we’ve seen time and again, small accidents can lead to massive-scale breaches. Unlike most Android consumers, who usually don’t think twice about the updates they’re installing, hackers always read patch notes and attempt to find weaknesses to exploit.

The solution
Fortunately, Security Research Labs released SnoopSnitch, a firmware analysis app that checks whether your Android phone is missing any security patches. If your phone model did miss a few patches, the app will record the data and send it to the device manufacturer so they can create a fix as soon as possible.

Experts also say that users shouldn’t panic if they notice a missing patch and there are no updates available from their device manufacturer. Good security practices like avoiding suspicious emails and software from the Play Store will generally keep you safe from a wide array of attacks. What’s more, you should enable multi-factor authentication (using both a passcode and biometric scan to access your device) whenever possible to prevent account hijacking.

On Google’s end, they’re working on streamlining the patching process for manufacturers and creating even stronger security measures that will prevent hackers from gaining a foothold into your device.

Nevertheless, you should still update your Android devices as soon as they become available if you want to avoid a disastrous breach. And if you feel overwhelmed with managing security patches, don’t worry! Just call us today and we’ll help you out.

Published with permission from TechAdvisory.org. Source.


Email is the primary avenue of attack for most cybercriminals, who use it to target individuals and businesses with phishing scams, ransomware attacks, and other cyberthreats. Learn how email security maintains the integrity of your emails, accounts, and data.GET A FREE COPY NOW!
+