WHITEHACK talks to Cybershack’s Alex Choros about Android Vulnerabilities

October 16, 2015

“Research from the University of Cambridge has revealed that almost nine out of ten Android devices aren’t protected against major security vulnerabilities. The team of researchers found that 87% of Android smartphones and tablets are vulnerable to at least one of the 11 major Android bugs revealed in the last five years, such as the recently uncovered Stagefright.”

What Adrian had to say:


“When Google prepares an Android software update, it distributes it to manufacturers such as LG and Samsung. These manufacturers then have to apply the changes to their version of Android, and test for device compatibility. More often than not, each Android phone will run a slightly different version of the operating system. A Samsung Note 5 sold via Telstra will have different software than one sold via Vodafone or Optus. After these updates have been completed, they are then sent to the respective telco for testing. After the telco has finished testing it, they will then deploy the update to their customers. The testing process itself can take a number of weeks.”

Because of this, some Android devices never receive software updates, said ethical hacker and director of security firm Whitehack Adrian Wood.

“The way Android handles updates like security updates is very different to Apple,” Wood told CyberShack when discussing Stagefright earlier in the year. “If an equivalent bug to Stagefright was found on iOS, Apple could just push an update to every iPhone and protect them within 48 hours of it being discovered. Android handles updates slightly differently. The Android source code goes out to manufacturers like Sony, Samsung and LG, and they make tweaks and play around with the code a bit and launch it out on a phone. So when a bug is found, Google can patch the Android source code and push it out to Samsung, but then Samsung has to make it work on their phones.”


“If you’re a person who’s not buying the flagship model of a phone, you can be in a really tricky situation because the support period for Android’s operating system is quite short, especially compared to Apple. You could not go to the store and buy a brand new iPhone that’s out of the support period.”


Read more about it at Cybershack.
