Story image

Android's poor system update process is putting devices at risk

12 Dec 17

The popular Android operating system powers more than two billion devices and cybercriminals have their fingers on the pulse, with an uptick in Android ransomware kits appearing in underground markets.

Carbon Black’s Param Singh says that the median price for Android ransomware is $200, whereas the price of ransomware for Windows 10 is just $10.

This is happening in parallel with the rise of smart devices, many of which will run Android operating systems at home and in the enterprise. Android phones comprise 85% of the smartphone market and cybercriminals go after the most popular platform.

The end result is the need for securing the devices in both the home and enterprise environment, Singh explains.

Google and device manufacturers are also contributing to a fragmentation of software update adoption. Singh says that even one year after Android 7.0 Nougat was released, only 17% of devices run the system. The statistics are poorer for its incremental update Android 7.1 - only 3% of devices currently run it.

“By contrast, Apple iOS 11 reached 52 per cent of Apple’s smartphones in less than two months. Recent research on Android fragmentation issues disclosed that more than 1 billion Android devices have not been updated for two years, and probably never will be,” Singh explains.

Despite improvements to Google Play, device encryption, user permissions, application sandboxing and other security features, Singh says Google must tackle the software update problem otherwise malware will continue to plague devices that are not updated.

“Many smartphone users believe Android is more vulnerable simply because it is open-sourced, although this is simply not true. They feel that making any software open-source allows malicious hackers to see more easily how an application works. Yet open-source also makes it easier for everyone else who is interested to look through code, add enhancements and report security vulnerabilities,” he says.

He believes open source software can more rapidly patch bugs, while commercial vendors have conflicting priorities. Meanwhile, attackers will continue to find and exploit bugs.

“For a successful campaign, such as the fake WhatsApp application that was on Google Play and downloaded by more than a million users, the criminals’ return on investment can be enormous,” he says.

Singh does acknowledge that Android has improved since its initial release 10 years ago.

“At a recent event where security researchers competed to find and exploit vulnerabilities, there was no vulnerability reported for Google’s Pixel 2 phone, compared to Apple iOS 11 which was hacked both on November 1 and November 2. With control over its hardware, one of the important security features of Pixel phones is the immediate access to latest Android OTA (over-the-air) updates,” he says.

This may well solve the slow rate of adoption for newer Android updates, he says.

Singh also recommends:

  • Only using Google Play or trustworthy sources such as Amazon.
  • Checking an application’s reputation, user feedback, app verification and prevalence data to make an informed decision before installing it
  • Paying attention to the permissions applications ask for – these may indicate malicious behaviour. “Proactive users should also enable Google Play Protect’s ‘scan device for security threats’ feature to detect harmful applications when downloaded and on a routine basis.”
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Why total visibility is the key to zero trust
Over time, the basic zero trust model has evolved and matured into what Forrester calls the Zero Trust eXtended (ZTX) Ecosystem.
Gartner names Proofpoint Leader in enterprise information archiving
The report provides a detailed overview of the enterprise information archiving market and evaluates vendors based on completeness of vision and ability to execute.
Tensions on the rise after Huawei CFO arrest
“Recently our corporate CFO, Meng Wanzhou, was provisionally detained by the Canadian authorities on behalf of the United States of America."
Palo Alto Networks integrates RedLock and VM-Series with AWS Security Hub
AWS Security Hub is designed to provide users with a comprehensive view of their high-priority security alerts and compliance status.
Juniper simplifies data integration to improve threat detection
Updates to the Juniper Advanced Threat Prevention Appliances leverage third-party firewalls and security data sources.
Is mobile shopping compromising your enterprise security?
When employees do their holiday shopping on company resources, security teams have a challenge with the surge in browsing and online transactions.