learningandfinance.com


Electronics

Android phones may have hidden missed security patches from you

Share
Google Home Unboxing and Setup process- GIZBOT

Meanwhile, Google has responded to the report saying it is working with SRL Labs to further investigate its findings.Google responded to the issue, in an emailed statement to Gadgets 360, "We would like to thank Karsten Nohl and Jakob Kell for their continued efforts to reinforce the security of the Android ecosystem".

Some Android phone makers have been caught actively deceiving their customers about the security of their smartphones.

It found that in some cases, Android smartphone makers allegedly told users that smartphone's software has been updated with monthly patches when it hasn't. In a practical scenario, when you find that your device's firmware is fully updated, you get a false sense of security. However, a new set of reports now indicate that some OEM's are claiming that their devices are updated with the latest security patches from Google without actually installing them. This is incredibly simple to fake-even you or I could do it on a rooted device by modifying ro.build.version.security_patch in build.prop. This means that the latter two companies have missed at least 4 patches during a security update for one of their devices after October 2017. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

The decision to choose one smartphone brand over the other is also influenced by how soon the manufacturer is rolling out regular security and software updates. Missed patches refer to those that companies claimed to have installed but were found to be missing. At times it was found that vendors didn't even install a single patch, but only changed the date of the update by forwarding it by several months.

Indeed, Google is the source of Android's security patches.

Business Insider requested comment from all the Android phone makers in Wired's story, including Samsung, Sony, Wiko, Xiaomi, OnePlus, Nokia, HTC, Huawei, LG, Motorola, TCL, and ZTE.

Stormy Daniels' Attorney Expects Michael Cohen to Plead the Fifth
Daniels has said the payment was hush money to buy her silence about an alleged affair with Trump ten years ago. Later Tuesday, Avenatti said he and Daniels will "fully cooperate with any search for the truth".

Knightdale incest couple, baby dead in multi-state crime scenes
John Ryan. "I waited 18 long years to have a relationship with my daughter - and now he's completely destroyed it". Katie lived with the family, including two younger sisters, at a home on Locustgrove Court in Henrico's West End.

Missing African athletes in Australia jump to 13
The Cameroonians failing to appear in their events saddened Commonwealth Games Federation chief David Grevemberg . Martin said cleaners had found a needle in a cup in the apartment assigned to Babu and Thodi on Thursday.

While many of these missed security patches may not be inherently unsafe in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

Users who want to monitor the patch state of their device can use SRL's free patch verification app, SnoopSnitch.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security".

Nohl agrees that exploiting Android vulnerabilities remains hard due to these security layers and points out an easier and more common route to compromising Android devices is through the use of malicious apps - either inside Google Play or outside the store.

"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said.

Share