3 min read

Over one billion Android devices at risk as they no longer receive security updates

Graham CLULEY

March 06, 2020

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
Over one billion Android devices at risk as they no longer receive security updates

More than one billion Android devices are at risk of being hacked or infected by malware, because they are no longer supported by security updates and built-in protection.

That’s the conclusion of an investigation by Which?, which found that at-risk smartphones are still being sold by third-parties via sites like Amazon, despite the range of malware and other threats to which they are vulnerable.

The report cites data that Google collected itself in May 2019, which discovered that 42.1% of active Android users worldwide were running version 6.0 (known as Marshmallow) of the operating system or earlier.

The problem with that picture is that the current version of Android is version 10, released last September. Its immediate predecessors – Android 9.0 Pie and Android 8.0 Oreo – continue to receive updates, but earlier versions do not.

To demonstrate the problem, Which? purchased a Motorola X, Samsung Galaxy A5 2017 and Sony Xperia Z2 from Amazon Marketplace sellers and put them to the test alongside an LG/Google Nexus 5 and Samsung Galaxy S6 they already had in its test lab.

In tests conducted with experts at AV-Comparatives, it was found that the phones were susceptible to a variety of vulnerabilities made public long ago.

These included:

  • BlueFrag – a critical vulnerability in Android’s Bluetooth component that could allow a nearby malicious hacker to compromise a device in order to steal data and spread malware.
  • Stagefright – first discovered in 2015, hackers could exploit unpatched Android devices to to silently and remotely infect them with malware via a boobytrapped MMS message.
  • Joker (also also known as Bread) – malware that poses as a legitimate app in the Google Play store, but registers victims’ devices for premium-rate services and plunders devices’ address books.

Kate Bevan of Which? is calling on phone manufacturers to be more transparent about how long consumers can expect to have their devices supported with critical security updates:

“It’s very concerning that expensive Android devices have such a short shelf life before they lose security support – leaving millions of users at risk of serious consequences if they fall victim to hackers. Google and phone manufacturers need to be upfront about security updates – with clear information about how long they will last and what customers should do when they run out.”

The best thing to do, of course, is for Android users to run a more secure version of the operating system on their smartphones – one that is still receiving security patches.

But, if your older phone isn’t able to be updated, what steps should you take to better secure yourself?

Clearly, regular backups of important data are always a good idea. That’s sensible even if you aren’t worried about having your phone hacked, as a backup could save your bacon if you were to ever accidentally damage your phone or have it stolen.

But also be aware that the majority of malware threats for Android originate outside the official Google Play store. Be wary of side-loading apps from other sources as they may not have been as well vetted.

In addition, always be careful about clicking on suspicious-looking links or opening attachments in SMS or MMS messages if you are not expecting them.

You may also want to consider running a mobile anti-virus product on your device.

If smartphone security doesn’t improve, the only people who are going to smiling about the more than one billion vulnerable Android devices will be the criminals themselves.

tags


Author



Right now

Top posts

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

Identifying and Dealing with Online Bullying Is Not Impossible - School Presentation Inside

June 28, 2022

2 min read
Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

Let’s Celebrate World Social Media Day by Improving Your Privacy and Security Online

June 28, 2022

3 min read
Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

Bitdefender Reveals the Top Cyber Threats Faced by Consumers in 2021

June 22, 2022

1 min read
Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

Scam alert: Cybercrooks use shady investment domain to scam keen investors out of money and data

May 24, 2022

3 min read
John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

John Oliver Shows the Dark Side of Data Brokerage on Last Week Tonight

April 15, 2022

3 min read
Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

Bitdefender Labs Warns of Phishing Scams Targeting MetaMask Users

April 14, 2022

3 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Israeli Authorities Seized Severs of Breached Company for Not Cooperating Israeli Authorities Seized Severs of Breached Company for Not Cooperating
Silviu STAHIE

July 04, 2022

1 min read
FTC warns LGBTQ+ community of extortion scams targeting them on dating apps FTC warns LGBTQ+ community of extortion scams targeting them on dating apps
Graham CLULEY

July 01, 2022

2 min read
OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you? OpenSea Breach Exposes 1.8 Million Email Addresses. How does it affect you?
Radu CRAHMALIUC

June 30, 2022

3 min read