Older Android Devices At Risk As Carriers Delay Upgrades - InformationWeek
01:24 PM

Older Android Devices At Risk As Carriers Delay Upgrades

Latest version of Android OS rebuffs most malware, says study, but carriers continue to drag their feet on providing upgrades and patches.

"Each successful download provides attackers around $10 in immediate profit," said the study. "At the high-end of the market, more sophisticated attackers are using botnets and threats targeting high-value data on corporate networks in the enterprise."

Android malware is thriving particularly thanks to even non-coding geniuses being able to make a quick buck, which helps explain why the operating system is now the most-favored mobile OS for attackers to target.

Relatively simple short message service (SMS, or texting) Trojans accounted for 48% of all Android malware seen. The malware dials premium-rate phone numbers which are typically leased by the malware developer or their criminal associates, and which predominate in Russia and the rest of Eastern Europe, as well as Asia. Meanwhile, 29% of all mobile malware involved fake app installers, which is malware that's often just thinly disguised to resemble a legitimate version of a popular app. In comparison, sophisticated Trojan spying tools accounted for only 19% of all Android mobile malware seen.

The good news is that the most prevalent type of attack -- SMS Trojans, which are involved in 77% of all attacks -- are easily blocked by the latest version of the Android operating system, Android 4.2 Jelly Bean , because it comes with built-in SMS attack protection. Such attacks also can be stopped by Android anti-virus software, but adoption of these security tools lags.

The bad news is that as of June 3, Android 4.2 was installed on just 4% of Android smartphones. In other words, the majority of attacks now seen on Android users "could be largely eliminated if the Android ecosystem of OEMs and carriers found a way to regularly update devices," reported Juniper.

How might handset manufacturers and carriers be forced to update and patch their devices more regularly? In fact, thanks to a settlement between HTC and the Federal Trade Commission (FTC) in February, the handset maker will be required to do just that, for at least the next 20 years.

The American Civil Liberties Union (ACLU), meanwhile, has urged the FTC to continue the crackdown by making the country's four biggest wireless carriers update devices regularly, or else. As an incentive, the ACLU has proposed interpreting consumer-protection laws to allow consumers to return any mobile device for a full refund for up to two years after it's been purchased, unless the carrier issues regular information security patches or software updates for the device.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Terabyte Net
Terabyte Net,
User Rank: Apprentice
6/28/2013 | 12:57:34 PM
re: Older Android Devices At Risk As Carriers Delay Upgrades
Good luck with upgrades. Verizon upgraded Razr's and Razr Maxx's to 4.1.2 when 4.2 had already shipped. The problem is the carriers modify Android to include a bunch of junk software. That's the first thing that should be banned.

Next, my 2nd phone, a Razr Maxx, was purchased from a regional carrier on a 2 year contract and it's still on 4.0.4 because the carrier has ZERO pull with Google/Motorola to get 4.1.2 or 4.2 made available.

This is one of the only places where I side with Apple. They don't allow Verizon, AT&T, or any other carrier to hack away at iOS and therefore when a new iOS build or update comes out everyone can get it. Google must step up and stop the junk mods made by carriers and demand they use generic Android OS builds, but as I said, good luck with that.
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of the Cloud Report
As the use of public cloud becomes a given, IT leaders must navigate the transition and advocate for management tools or architectures that allow them to realize the benefits they seek. Download this report to explore the issues and how to best leverage the cloud moving forward.
Twitter Feed
InformationWeek Radio
Archived InformationWeek Radio
Join us for a roundup of the top stories on InformationWeek.com for the week of November 6, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll