Story image

Android's poor system update process is putting devices at risk

12 Dec 2017

The popular Android operating system powers more than two billion devices and cybercriminals have their fingers on the pulse, with an uptick in Android ransomware kits appearing in underground markets.

Carbon Black’s Param Singh says that the median price for Android ransomware is $200, whereas the price of ransomware for Windows 10 is just $10.

This is happening in parallel with the rise of smart devices, many of which will run Android operating systems at home and in the enterprise. Android phones comprise 85% of the smartphone market and cybercriminals go after the most popular platform.

The end result is the need for securing the devices in both the home and enterprise environment, Singh explains.

Google and device manufacturers are also contributing to a fragmentation of software update adoption. Singh says that even one year after Android 7.0 Nougat was released, only 17% of devices run the system. The statistics are poorer for its incremental update Android 7.1 - only 3% of devices currently run it.

“By contrast, Apple iOS 11 reached 52 per cent of Apple’s smartphones in less than two months. Recent research on Android fragmentation issues disclosed that more than 1 billion Android devices have not been updated for two years, and probably never will be,” Singh explains.

Despite improvements to Google Play, device encryption, user permissions, application sandboxing and other security features, Singh says Google must tackle the software update problem otherwise malware will continue to plague devices that are not updated.

“Many smartphone users believe Android is more vulnerable simply because it is open-sourced, although this is simply not true. They feel that making any software open-source allows malicious hackers to see more easily how an application works. Yet open-source also makes it easier for everyone else who is interested to look through code, add enhancements and report security vulnerabilities,” he says.

He believes open source software can more rapidly patch bugs, while commercial vendors have conflicting priorities. Meanwhile, attackers will continue to find and exploit bugs.

“For a successful campaign, such as the fake WhatsApp application that was on Google Play and downloaded by more than a million users, the criminals’ return on investment can be enormous,” he says.

Singh does acknowledge that Android has improved since its initial release 10 years ago.

“At a recent event where security researchers competed to find and exploit vulnerabilities, there was no vulnerability reported for Google’s Pixel 2 phone, compared to Apple iOS 11 which was hacked both on November 1 and November 2. With control over its hardware, one of the important security features of Pixel phones is the immediate access to latest Android OTA (over-the-air) updates,” he says.

This may well solve the slow rate of adoption for newer Android updates, he says.

Singh also recommends:

  • Only using Google Play or trustworthy sources such as Amazon.
  • Checking an application’s reputation, user feedback, app verification and prevalence data to make an informed decision before installing it
  • Paying attention to the permissions applications ask for – these may indicate malicious behaviour. “Proactive users should also enable Google Play Protect’s ‘scan device for security threats’ feature to detect harmful applications when downloaded and on a routine basis.”
New threat rears its head in new malware report
Check Point’s researchers view Speakup as a significant threat, as it can be used to download and spread any malware.
Oracle updates enterprise blockchain platform
Oracle’s enterprise blockchain has been updated to include more capabilities to enhance development, integration, and deployment of customers’ new blockchain applications.
Used device market held back by lack of data security regulations
Mobile device users are sceptical about trading in their old device because they are concerned that data on those devices may be accessed or compromised after they hand it over.
Gartner names ExtraHop leader in network performance monitoring
ExtraHop provides enterprise cyber analytics that deliver security and performance from the inside out.
Symantec acquires zero trust innovator Luminate Security
Luminate’s Secure Access Cloud is supposedly natively constructed for a cloud-oriented, perimeter-less world.
Palo Alto releases new, feature-rich firewall
Palo Alto is calling it the ‘fastest-ever next-generation firewall’ with integrated cloud-based DNS Security service to stop attacks.
The right to be forgotten online could soon be forgotten
Despite bolstering free speech and access to information, the internet can be a double-edged sword, because that access to information goes both ways.
Opinion: 4 Ransomware trends to watch in 2019
Recorded Future's Allan Liska looks at the past big ransomware attacks thus far to predict what's coming this year.