Older Android Devices At Risk As Carriers Delay Upgrades
Latest version of Android OS rebuffs most malware, says study, but carriers continue to drag their feet on providing upgrades and patches.
"Each successful download provides attackers around $10 in immediate profit," said the study. "At the high-end of the market, more sophisticated attackers are using botnets and threats targeting high-value data on corporate networks in the enterprise."
Relatively simple short message service (SMS, or texting) Trojans accounted for 48% of all Android malware seen. The malware dials premium-rate phone numbers which are typically leased by the malware developer or their criminal associates, and which predominate in Russia and the rest of Eastern Europe, as well as Asia. Meanwhile, 29% of all mobile malware involved fake app installers, which is malware that's often just thinly disguised to resemble a legitimate version of a popular app. In comparison, sophisticated Trojan spying tools accounted for only 19% of all Android mobile malware seen.
The good news is that the most prevalent type of attack -- SMS Trojans, which are involved in 77% of all attacks -- are easily blocked by the latest version of the Android operating system, Android 4.2 Jelly Bean , because it comes with built-in SMS attack protection. Such attacks also can be stopped by Android anti-virus software, but adoption of these security tools lags.
The bad news is that as of June 3, Android 4.2 was installed on just 4% of Android smartphones. In other words, the majority of attacks now seen on Android users "could be largely eliminated if the Android ecosystem of OEMs and carriers found a way to regularly update devices," reported Juniper.
How might handset manufacturers and carriers be forced to update and patch their devices more regularly? In fact, thanks to a settlement between HTC and the Federal Trade Commission (FTC) in February, the handset maker will be required to do just that, for at least the next 20 years.
The American Civil Liberties Union (ACLU), meanwhile, has urged the FTC to continue the crackdown by making the country's four biggest wireless carriers update devices regularly, or else. As an incentive, the ACLU has proposed interpreting consumer-protection laws to allow consumers to return any mobile device for a full refund for up to two years after it's been purchased, unless the carrier issues regular information security patches or software updates for the device.
InformationWeek Elite 100Our data shows these innovators using digital technology in two key areas: providing better products and cutting costs. Almost half of them expect to introduce a new IT-led product this year, and 46% are using technology to make business processes more efficient.
The UC Infrastructure TrapWorries about subpar networks tanking unified communications programs could be valid: Thirty-one percent of respondents have rolled capabilities out to less than 10% of users vs. 21% delivering UC to 76% or more. Is low uptake a result of strained infrastructures delivering poor performance?
Top IT Trends to Watch in Financial ServicesIT pros at banks, investment houses, insurance companies, and other financial services organizations are focused on a range of issues, from peer-to-peer lending to cybersecurity to performance, agility, and compliance. It all matters.
Join us for a roundup of the top stories on InformationWeek.com for the week of September 25, 2016. We'll be talking with the InformationWeek.com editors and correspondents who brought you the top stories of the week to get the "story behind the story."