Wednesday, 13 March 2013

Unpatched Vulnerabilities: Android Devices Continue to Cling Onto the Risk Factor

Carriers and tech gurus continue to be at sixes and sevens with regard to solving that million dollar puzzle: patching up Android devices. While mobile spy software is deadlier every passing moment, it seems to be Android spyware that is weaving its malicious magic more effectively than other brands of malware, as the operating system casualties soar without any indication of ceasing any time soon. Recent reports have confirmed that Android’s long tussle with malware is still ongoing, that the platform is still the target numero uno for spyware from across the globe and, most crucially, that there seems to be no easy way out for the users that want to keep themselves up to date with the latest patches.

Unpatched Vulnerabilities Galore!
Duo Security is one of many think-tanks mulling over the Android patchwork. It recently compiled results from 20,000 Android machines, which had been scanned with the X-Ray tool for vulnerability assessment. According to the results more than 50 percent of the devices all over the world have unpatched vulnerabilities. And to add fuel to this blazing fire, the chief technology officer of Duo Security is touting the number as a “conservative estimate”, which has been compiled after the preliminary results. If one were to factor in detailed tests this number could further soar skywards.
Duo’s numbers are in synchrony with the Bit9 report that was released earlier this year, which stated that 56% of Android devices were allowing insecure and out of date versions of the software and in turn inviting Android spyware to wreak havoc in their devices.
Devices that have been under this pretty menacing gun include HTC, Samsung, Sanyo, Motorola, Sony and LG.
Sophos has also reported recently that the discovery of new malware has hiked up 41 times in 2011, while most of this jump traces its origin to a toll fraud malware family which targeted Eastern European markets. This toll fraud occurs when mobile spy software stealthily sends texts to paid services via a phone that has been hijacked.

Crossing the Line
The thing that affects the US the most is the latest apps which use extremely aggressive tactics. And more often than not these tactics cross all lines of privacy. The more aggressive of these apps link sponsored apps, display their advertisements even if the application doesn’t run and criminally extract private information and take it to the server of the advertiser – if this isn’t blatant violation of the ad policy of Google for Android, then what is?
Advertising, while a fundamental right of every single company and firm, has become a dangerous tool, in the garb of which many a hacker has eradicated some of the biggest companies by delving into their private data. Again, no other platform has been as compromised as Android and while other platforms do put up a wall to bolster their lines that shouldn’t be crossed, Android’s lines continue to be the easiest to cross for hackers.

Maximum Risk
As we study the security aspects of various platforms it is still as you were, and Android’s poor vulnerability patching and fragmentation continues to be a massive risk for its users. And with Android – unlike iOS that Apple has on iPhones and iPads – there is a plethora of vendors that use scores of platform versions. This, in turn, results in a hotchpotch of strategies catering to patchwork and they are further complicated owing to the carriers that push out updates.
There are some carriers that tend to push out updates sooner than the rest of the carriers and similarly there are users that install the patches sooner than the rest. And hence the fact that more than 50 percent of Android devices have unpatched glitches shouldn’t be that big a surprise for anyone. With Android providing the maximum risk factor to its users, do we really expect things to be different any time soon? Not really…

Quasi Silver Lining
With no tangible solution foreseeable, Android spyware is clearly on the up, which would continue to up the ante on users that have unpatched phones. Even so, mobile spy software and malware are still not as daunting as the malicious apps that have been created to expose vulnerabilities in computers and hence, the menace for Android users is still less than the potential menace in the tech domain. This can be demonstrated simply by knowing the simple fact that one can survive if they haven’t updated their phone’s OS, but no one can survive not updating the anti-virus or the OS patches on the PC.
So yes while the risk factor for Android users is, has been, and would in all likelihood continue to be a hot topic of debate in the tech world, there is still a ray of hope for Android buffs in the shape of the survival and persistence of the PC industry. As they say every cloud has a silver lining; only sometimes one needs a really robust telescope to perceive it.


  1. Jane,
    Are all Android devices susceptible to this sort of attack? Can you recommend an app to protect an Android device?

  2. Hi Jane,

    Do you have the complete list of unpatched vulnerabilities?