01:24 PM

Older Android Devices At Risk As Carriers Delay Upgrades

Latest version of Android OS rebuffs most malware, says study, but carriers continue to drag their feet on providing upgrades and patches.

"Each successful download provides attackers around $10 in immediate profit," said the study. "At the high-end of the market, more sophisticated attackers are using botnets and threats targeting high-value data on corporate networks in the enterprise."

Android malware is thriving particularly thanks to even non-coding geniuses being able to make a quick buck, which helps explain why the operating system is now the most-favored mobile OS for attackers to target.

Relatively simple short message service (SMS, or texting) Trojans accounted for 48% of all Android malware seen. The malware dials premium-rate phone numbers which are typically leased by the malware developer or their criminal associates, and which predominate in Russia and the rest of Eastern Europe, as well as Asia. Meanwhile, 29% of all mobile malware involved fake app installers, which is malware that's often just thinly disguised to resemble a legitimate version of a popular app. In comparison, sophisticated Trojan spying tools accounted for only 19% of all Android mobile malware seen.

The good news is that the most prevalent type of attack -- SMS Trojans, which are involved in 77% of all attacks -- are easily blocked by the latest version of the Android operating system, Android 4.2 Jelly Bean , because it comes with built-in SMS attack protection. Such attacks also can be stopped by Android anti-virus software, but adoption of these security tools lags.

The bad news is that as of June 3, Android 4.2 was installed on just 4% of Android smartphones. In other words, the majority of attacks now seen on Android users "could be largely eliminated if the Android ecosystem of OEMs and carriers found a way to regularly update devices," reported Juniper.

How might handset manufacturers and carriers be forced to update and patch their devices more regularly? In fact, thanks to a settlement between HTC and the Federal Trade Commission (FTC) in February, the handset maker will be required to do just that, for at least the next 20 years.

The American Civil Liberties Union (ACLU), meanwhile, has urged the FTC to continue the crackdown by making the country's four biggest wireless carriers update devices regularly, or else. As an incentive, the ACLU has proposed interpreting consumer-protection laws to allow consumers to return any mobile device for a full refund for up to two years after it's been purchased, unless the carrier issues regular information security patches or software updates for the device.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Terabyte Net
Terabyte Net,
User Rank: Apprentice
6/28/2013 | 12:57:34 PM
re: Older Android Devices At Risk As Carriers Delay Upgrades
Good luck with upgrades. Verizon upgraded Razr's and Razr Maxx's to 4.1.2 when 4.2 had already shipped. The problem is the carriers modify Android to include a bunch of junk software. That's the first thing that should be banned.

Next, my 2nd phone, a Razr Maxx, was purchased from a regional carrier on a 2 year contract and it's still on 4.0.4 because the carrier has ZERO pull with Google/Motorola to get 4.1.2 or 4.2 made available.

This is one of the only places where I side with Apple. They don't allow Verizon, AT&T, or any other carrier to hack away at iOS and therefore when a new iOS build or update comes out everyone can get it. Google must step up and stop the junk mods made by carriers and demand they use generic Android OS builds, but as I said, good luck with that.
InformationWeek Elite 100
InformationWeek Elite 100
Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
Register for InformationWeek Newsletters
White Papers
Current Issue
Top IT Trends to Watch in Financial Services
IT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on for the week of September 25, 2016. We'll be talking with the editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.