By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
10alert.com10alert.com10alert.com
  • Threats
    • WordPress ThreatsDanger
    Threats
    A cyber or cybersecurity threat is a malicious act that seeks to damage data, steal data, or disrupt digital life in general. Cyber threats include…
    Show More
    Top News
    Versatile Threats: Dangers for any Device – Kaspersky Daily
    12 months ago
    Kaspersky Internet Security for Android wins independent anti-virus testing
    12 months ago
    DEF CON 23: Tell me who you are and I will tell you your lock screen pattern
    12 months ago
    Latest News
    Beware of scammers! Dangerous apps in the App Store
    2 days ago
    How To Limit Login Attempts on WordPress (+ Should You?)
    3 days ago
    Wordfence Intelligence Weekly WordPress Vulnerability Report (September 18, 2023 to September 24, 2023)
    3 days ago
    Two privilege escalation vulnerability in Simple Membership Plugin
    4 days ago
  • Fix
    Fix
    Troubleshooting guide you need when errors, bugs or technical glitches might ruin your digital experience.
    Show More
    Top News
    Cloudflare Introduces User Friendly CAPTCHA Alternative Called Turnstile
    12 months ago
    Windows 10 build 19044.1947 (KB5016688) outs as preview
    12 months ago
    How to disable WiFi or Ethernet network adapter on Windows 11
    12 months ago
    Latest News
    How automatically delete unused files from my Downloads folder?
    8 months ago
    Now you can speed up any video in your browser
    8 months ago
    How to restore access to a file after EFS or view it on another computer?
    8 months ago
    18 Proven Tips to Speed Up Your WordPress Site and Improve SEO | 2023 Guide
    9 months ago
  • How To
    How ToShow More
    Detecting zero-days before zero-day
    Detecting zero-days before zero-day
    23 hours ago
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
    23 hours ago
    Network performance update: Birthday Week 2023
    Network performance update: Birthday Week 2023
    23 hours ago
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    Cloudflare now uses post-quantum cryptography to talk to your origin server
    2 days ago
    Privacy-preserving measurement and machine learning
    Privacy-preserving measurement and machine learning
    2 days ago
  • News
    News
    This category of resources includes the latest technology news and updates, covering a wide range of topics and innovations in the tech industry. From new…
    Show More
    Top News
    Why is it so popular and why is it dangerous?
    12 months ago
    How to calibrate the display on a smartphone?
    12 months ago
    5 Useful Things Google Maps Can Do
    12 months ago
    Latest News
    How to enable extensions for Google Bard AI
    2 days ago
    Window 11 Copilot: 10 Best tips and tricks
    2 days ago
    How to create AI images with Cocreator on Paint for Windows 11
    3 days ago
    How to install September 2023 update with 23H2 features for Windows 11
    4 days ago
  • Glossary
  • My Bookmarks
Reading: 87% of Android smartphones are insecure
Share
Notification Show More
Aa
Aa
10alert.com10alert.com
  • Threats
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
  • Threats
    • WordPress ThreatsDanger
  • Fix
  • How To
  • News
  • Glossary
  • My Bookmarks
Follow US
Wordpress Threats

87% of Android smartphones are insecure

Vitus White
Last updated: 13 October
Vitus White 12 months ago
Share
7 Min Read

British scientists proved that Android devices are highly dangerous when it comes to you and your data. It’s no joke — researchers at the University of Cambridge did serious research on the devices: analyzing over 20,000 smartphones by various vendors to discover that 87.7% of Android devices are susceptible to at least one critical vulnerability.

This dreadful fact emerged as byproduct of a study whose goal was to reveal whose devices (speaking of vendors) were the most secure.

The experiment was conducted with help of ordinary people and their ordinary smartphones: the participants consented to set up a special app called Device Analyzer from Google Play. This application helped to find out how resistant the devices were to the most widespread attacks by sending data on what versions of software were installed on the device.

Not all vulnerabilities were taken into consideration – just those exploitable completely wirelessly. Of those 32 were critical, but only 11 bugs that could be applied to all participating devices, were considered during the experiment to provide for fair results.

Android devices are insecure

So, why do different vendors offer ranging security levels? First, it depends on whether the OS version is up-to-date; Google, Linux Foundation and other relevant Android developers issue regular updates, which include security patches for known vulnerabilities.

The thing is that the majority of Android devices are queuing to get those updates, so it happens not that fast as it should be. It’s not Google who sends the OTA updates; a carrier of an OEM vendor now performs this task and the updates are delivered as fast as the vendor likes it to be – meaning ‘not fast at all.’

1 Billion #Android devices vulnerable to #NEW Stagefright flaws… #nopatches https://t.co/1Wt8iqOY2b via @threatpost pic.twitter.com/LJUuODPDra

— Kaspersky Lab (@kaspersky) October 1, 2015

With all manufacturers vowing to offer users a two-year support plan, many devices stop receiving updates some time close to the end of their lifecycle (or even to the middle). That means, smartphone models based on an outdated (and thus forever unpatched) Android are abundant, and the quantities of such vary by vendor.

To quantify the level of security for various Android vendors, the Cambridge research group introduced the FUM index. This abbreviation means the following:

  • F (free) — the share of devices which were free of critical vulnerabilities throughout the testing.
  • U (update) — the share of devices by a particular vendor, which employ the latest version of Android.
  • M (mean) — the average number of unpatched vulnerabilities in the phones by a particular vendor.

The normalized total of those values constitutes the FUM index, with values ranging from 1 to 10. It serves a means of evaluating a vendor’s security score.

95% of #Android phones can be hacked with one just #MMS, millions at risk https://t.co/BJg5e7ss8N #infosec pic.twitter.com/DGBSkhQdDo

— Kaspersky Lab (@kaspersky) August 4, 2015

In just four years, from July 2011 through 2015 the mean FUM Index for all Android devices turned to be abysmally low – 2.87 out of 10. The most secure smartphones are, predictably, Google Nexus. No wonder it is so: Google takes care of patching on its own devices.

For Nexus devices, FUM reaches the value of 5.17 – still not quite close to 10. Unfortunately, updates do not land onto Nexuses right away: the delivery of OTA updates takes up to two weeks, while the device might remain insecure.

To give justice to other smartphones vendors, the champions are LG (FUM 3.97), followed by Motorola (3.07), Samsung (2.75), Sony (2.63), HTC (2.63) and ASUS (2.35).

The most insecure devices belong to B-grade and no-name brands like Symphony (0.30) and Walton (0.27). We might assume that the most of Chinese no-names enjoy the FUM Index as low as that.

Of Non-Nexus Devices and the #Android #Security Rewards Program: http://t.co/owKwqqFmDJ via @threatpost

— Kaspersky Lab (@kaspersky) June 18, 2015

What is a bit unsettling about the research is the deliberate exclusion of Huawei, Lenovo, and Xiaomi smartphones, although these brands, according to IDC analytics, occupy the 2nd, 3rd, and 4th positions in the global best-selling rating for Android-smartphones.

With that and other side-notes in mind, this research cannot be considered absolutely fair and ultimate – yet this does not diminish its importance. The researchers managed to present a holistic (and thus gloomy) picture of the ecosystem security and attract certain attention to common pain points in the infosec domain.

We should admit Android is a desperately vulnerable system. It will remain so, unless Google revamps the OS and the model of distribution to enable simultaneous, regular and vendor-agnostic update mechanism to spare users a cumbersome mission of taking care of their device security.

Protect your #Android: 10 tips for maximum security https://t.co/PDu801dfyg pic.twitter.com/auqQf6NfVL

— Eugene Kaspersky (@e_kaspersky) November 8, 2014

But what can users do now to ensure their devices are protected? Here are simple tips:

1. Apply updates as soon as they are available. Do not ignore them.

2. Download apps only from trusted sources and look out for rogue websites. It does not guarantee you are spared security issues, yet it is a means of avoiding a certain class of threats.

3. Use a security solution – if smartphone vendors are slow to enable security patches and save users from exploits, antivirus companies might do a better job here.

4. And just try to be in the loop: read security news. Otherwise you would never know, for instance, that it’s better to disable default MMS downloads to avoid issues relevant to the Stagefright vulnerability.


Source: kaspersky.com

Translate this article

TAGGED: Android, Linux, Security, Software, Threat, Threats, Vulnerabilities
Vitus White October 13, 2022 October 7, 2022
Share This Article
Facebook Twitter Reddit Telegram Email Copy Link Print

STAY CONECTED

24.8k Followers Like
253.9k Followers Follow
33.7k Subscribers Subscribe
124.8k Members Follow

LAST 10 ALERT

Detecting zero-days before zero-day
Detecting zero-days before zero-day
Apps 23 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps 23 hours ago
Network performance update: Birthday Week 2023
Network performance update: Birthday Week 2023
Apps 23 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps 2 days ago
Privacy-preserving measurement and machine learning
Privacy-preserving measurement and machine learning
Apps 2 days ago

You Might Also Like

Detecting zero-days before zero-day
Apps

Detecting zero-days before zero-day

23 hours ago
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Apps

See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan

23 hours ago
Cloudflare now uses post-quantum cryptography to talk to your origin server
Apps

Cloudflare now uses post-quantum cryptography to talk to your origin server

2 days ago
Privacy-preserving measurement and machine learning
Apps

Privacy-preserving measurement and machine learning

2 days ago
Show More

Related stories

How to upgrade to Windows 11 23H2 with Installation Assistant
How to install September 2023 update with 23H2 features for Windows 11
How to get the latest Windows 11 innovations
How to blur image background in Photos for Windows 11
How to download official Windows 11 23H2 ISO file
PHP Object Injection Vulnerability in Flatsome Theme

10 New Stories

Encrypted Client Hello – the last puzzle piece to privacy
Beware of scammers! Dangerous apps in the App Store
How to enable extensions for Google Bard AI
Reminder: Enable two-factor authentication wherever you have it. This business
​​Know exactly when your data is transferred to GoogleIn a world where our data is permanent
​​Fake correspondence with the iPhone interfaceIn a world where digital communication is
Previous Next
Hot News
Detecting zero-days before zero-day
See what threats are lurking in your Office 365 with Cloudflare Email Retro Scan
Network performance update: Birthday Week 2023
Cloudflare now uses post-quantum cryptography to talk to your origin server
Privacy-preserving measurement and machine learning
10alert.com10alert.com
Follow US
© 10 Alert Network. All Rights Reserved.
  • Privacy Policy
  • Contact
  • Customize Interests
  • My Bookmarks
  • Glossary
Go to mobile version
adbanner
AdBlock Detected
Our site is an advertising supported site. Please whitelist to support our site.
Okay, I'll Whitelist
Welcome Back!

Sign in to your account

Lost your password?