87% of An­droid phones are vul­ner­a­ble to hack­ers, re­searchers warn

Daily Trust - - IT WORLD - By Zakariyya Adaramola, with agency re­ports

The huge num­ber of An­droid hand­sets from dif­fer­ent man­u­fac­tur­ers com­bined with the num­ber of dif­fer­ent ver­sions of the soft­ware has left mil­lions of hand­sets vul­ner­a­ble to hack­ers, a new study has claimed.

Re­searchers an­a­lysed the hand­sets and soft­ware they were run­ning.

‘We find that on av­er­age 87.7% of An­droid de­vices are ex­posed to at least one of 11 known crit­i­cal vul­ner­a­bil­i­ties,’ the Cam­bridge team con­cluded.

Re­searchers marked each hand­set out of ten. The team also cre­ated a spe­cial site to check phones for vul­ner­a­bil­i­ties.

The study uses data col­lected by the team’s De­vice An­a­lyzer app, which is avail­able from the Google Play Store.

Daniel Thomas and Alas­tair Beres­ford, the pair be­hind the study, blame phone mak­ers.

‘The app col­lects data from vol­un­teers around the globe and pro­vides us with the sta­tis­ti­cal data we need’ said Daniel Thomas, lead author of the study.

‘We have used data from over 20,000 de­vices to sup­port our re­sults, but we’re keen to re­cruit more con­trib­u­tors.’

‘The se­cu­rity com­mu­nity has been wor­ried about the lack of se­cu­rity up­dates for An­droid de­vices for some time,’ said Dr Rice,

‘Our hope is that by quan­ti­fy­ing the prob­lem we can help peo­ple when choos­ing a phone and that this in turn will pro­vide an in­cen­tive for man­u­fac­tur­ers and op­er­a­tors to de­liver up­dates.’

‘Google has done a good job at mit­i­gat­ing many of the risks,’ said Dr Beres­ford and we rec­om­mend users only in­stall apps from Google’s Play Store since it per­forms ad­di­tional safety checks on apps.

‘Un­for­tu­nately Google can only do so much, and re­cent An­droid se­cu­rity prob­lems have shown that this is not enough to pro­tect users.

‘Phones re­quire up­dates from man­u­fac­tur­ers, and the ma­jor­ity of de­vices aren’t get­ting them.’

‘The se­cu­rity of An­droid de­pends on the timely de­liv­ery of up­dates to fix crit­i­cal vul­ner­a­bil­i­ties,’ the pair wrote in the new pa­per.

‘In this pa­per we map the com­plex net­work of play­ers in the An­droid ecosys­tem who must col­lab­o­rate to pro­vide up­dates, and de­ter­mine that in­ac­tion by some man­u­fac­tur­ers and net­work op­er­a­tors means many hand­sets are vul­ner­a­ble to crit­i­cal vul­ner­a­bil­i­ties.’

‘On av­er­age over the

last four years, 87% of An­droid de­vices are vul­ner­a­ble to at­tack by ma­li­cious apps,’ they said on a blog post ex­plain­ing the re­search.

Dai­lyMailon­line re­ported that data for the study was col­lected through the group’s ‘De­vice An­a­lyzer’ app, which has been avail­able for free on the Play Store since May 2011.

Af­ter the par­tic­i­pants opted into the sur­vey, the Univer­sity says it col­lected daily An­droid ver­sion and build num­ber in­for­ma­tion from over 20,400 de­vices.

The study then com­pared this ver­sion in­for­ma­tion against 13 crit­i­cal vul­ner­a­bil­i­ties (in­clud­ing the Stage­fright vul­ner­a­bil­i­ties) dat­ing back to 2010. Each in­di­vid­ual de­vice was then la­beled ‘se­cure’ or ‘in­se­cure’ based on whether or not its OS ver­sion was patched against th­ese vul­ner­a­bil­i­ties

‘This is be­cause man­u­fac­tur­ers have not pro­vided up­dates.

‘Some man­u­fac­tur­ers are much bet­ter than oth­ers how­ever, and our study shows that de­vices built by LG and Mo­torola, as well as those de­vices shipped un­der the Google Nexus brand are much bet­ter than most. The pair also cre­ated a spe­cial site to check phones for vul­ner­a­bil­i­ties.

The pa­per con­cludes that ‘the bot­tle­neck for the de­liv­ery of up­dates in the An­droid ecosys­tem rests with the man­u­fac­tur­ers, who fail to pro­vide up­dates to fix crit­i­cal vul­ner­a­bil­i­ties.’

‘Un­for­tu­nately some­thing has gone wrong with the pro­vi­sion of se­cu­rity up­dates in the An­droid mar­ket,’ the study said.

‘Many smart­phones are sold on 12-24 month con­tracts, and yet our data shows few An­droid de­vices re­ceive many se­cu­rity up­dates.’

reg­u­lar

se­cu­rity You might think that Siri and Google work as your per­sonal as­sis­tant, but they may also be tak­ing or­ders from hack­ers.

French re­searchers have found the smart­phone as­sis­tants can be con­trolled by hack­ers from as far away as 16ft (five me­tres).

They say ra­dio waves can be used to trig­ger voice com­mands on iPhones and An­droid hand­sets with Siri or Google now en­abled, pro­vid­ing a set of head­phones are plugged in.

The re­search, by France’s in­for­ma­tion se­cu­rity agency, ANSSI, sug­gests crim­i­nals could take con­trol of hand­sets and eaves­drop on con­ver­sa­tions, but it’s not known whether the trick has been ex­ploited in the real world.

The hack, demon­strated by the re­searchers, is pos­si­ble by us­ing the head­phone’s cord as an antenna, Wired’s Andy Green­berg re­ported.

This means hack­ers could use open-source ra­dio soft­ware run­ning on a lap­top, an antenna and am­pli­fier to send elec­tro­mag­netic waves picked up by the head­phone cord from close range.

From Left, Mr. Tunji Ba­lo­gun, Chair­man of Brian Com­put­ers; Mr. Tunji Adeyinka, Thought Lead­er­ship Key­note Speaker and Man­ag­ing Di­rec­tor, Con­nect Mar­ket­ing Ser­vices Lim­ited and Mr Shina Badaru, Founder/CEO, Tech­nol­ogy Times at the for­mal brand un­veil­ing of Com­puter Vil­lage Expo 2015 (CVE '15) in­spired by Tech­nol­ogy Times held re­cently in Lagos re­cently.

Newspapers in English

Newspapers from Nigeria

© PressReader. All rights reserved.