Is your Android phone hiding security updates from you?

2fuploads%2fvideo uploaders%2fdistribution thumb%2fimage%2f85462%2f15e3d997 7fbc 4477 8039 27eea2294326

That's according to a two-year-long study by Security Research Labs (SRL), finding a so-called "patch gap", Wired reports.

Google is known for rolling out security updates from time to time for Android smartphones.

These smartphone makers have created a false sense of security among their users. Thankfully, there's an app called "SnoopSnitch" that allows you to check if your phone is running the security patches that the phone claims to be running...

This morning, a report came out explaining that a research firm discovered some Android OEMs were lying to customers about their device's current security patch.

Android phone makers could also potentially "miss a patch or two by accident", according to SRL's Karsten Nohl.

The whole process that takes place during the test may result in omitting a security patch. Out of the 1,200 phones that were tested by the firm, including devices from Google (the primary source for updates to Pixel phones), Samsung, HTC, Motorola, and TCL, the issue impacted even the flagship models from the likes of Samsung and Sony.

One method used by certain Android phone makers includes changing the date of an earlier patch to deceive users into thinking they have the latest security patch.

Читайте также: CWG 2018: India's Bajrang Punia wins gold in men's freestyle wrestling event

Security patches on third-party devices has been an ongoing issue for Google and its Android operating system. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Karsten Nohl, Security Research Labs founder, told the publication.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl further revealed. While phones making use of Qualcomm's Snapdragon and Samsung's Exynos are less likely to miss out on patches, those running on MediaTek chipsets were found to be missing out on a lot more (9 on average). The company further stated that in some cases, patches might have been missing because the phone vendors responded by simply removing the vulnerable feature from the phone rather than patch it.

LG, Motorola, Huawei, and HTC missed 3-4 patches, and Nokia, OnePlus, and Xiaomi skipped 1-3 patches on an average.

While many of these missed security patches may not be inherently risky in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". We're working with them to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google suggested security update.

"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said.

При любом использовании материалов сайта и дочерних проектов, гиперссылка на обязательна.
«» 2007 - 2018 Copyright.
Автоматизированное извлечение информации сайта запрещено.

Код для вставки в блог

Related News:



Most liked

High-definition vinyl: coming soon to a turntable near you
But, one company is heading up a new wave of high definition vinyl that could mean more records and turntables in the mix. This would give records longer playing times, louder volume and most importantly - higher fidelity audio.

Lynx draft Gophers star guard Wagner
As I started this process with Minnesotaniversity of Minnesota, it was important to me that I returned to the Lynx this season. She has also won two Olympic gold medals, but this will be her first job as a head coach.

Fortnite, the Video Game Industry's Biggest Title, Offline for Second Day
Identified - The initial fix was unable to handle returning traffic, and we're again experiencing issues with login success . They know how frustrating it has been for gamers all over the world and they will be offering the following freebies.

Trump Signs Executive Order to Review US Postal Service Finances
These $5.4 to $5.8 billion yearly payments account for 87 percent of reported USPS losses since 2007, and 100 percent since 2013. Still, federal regulators have reviewed the Amazon contract with the Postal Service each year, and deemed it to be profitable.

Russian Federation rejects Skripal attack findings report by chemical weapons watchdog
Britain has blamed Russian Federation for the March 4 poisoning of the Skripals with a nerve agent developed by the Soviet Union. Yulia Skripal, 33, was released from the hospital earlier this week and transferred to an undisclosed "secure location".

All's well that ends WEL: Arsenal off the ropes and into semis
They led 4-1 from the first leg but found themselves 2-0 down on the night after 50 minutes in Russian Federation . The winners of the Europa League are guaranteed a spot in the group stages of next season's Champions League.

US President Tells Russia To 'Get Ready' For Missile Attacks In Syria
Intelligence shared by the United States and France had "in theory" confirmed the use of banned substances in the attack, it adds. A mercurial plan of action may have worked in the Trump Organization board room, but it's a disastrous tactic in foreign affairs.

The Launch of Reliance Jio 4G Laptops
After launching JioFi dongles and LYF 4G smartphones, Reliance focusing on the computer market can be a potential game changer. The intent to develop such a laptop is being attributed to increasing the average revenue per user (ARPU) for Reliance Jio .

Russian Federation urges full access to evidence in spy case
Britain says that means only a state with a sophisticated laboratory could have manufactured it. Until that time, I want to stress that no one speaks for me, or for my father, but ourselves.

'Jessica Jones' Season 3 Renewed: Here's What to Expect
Fittingly, the global release of the series' second season also happened to coincide with International Women's Day . The second season the show debuted this past March, and there is no word on when the third season will debut yet.

Supreme Court clears decks for release of movie 'Nanak Shah Fakir'
If there is dissatisfaction and outrage over the film, what is the point of releasing it in the state". Talking to HT, Sikka said: "I am not going to release the film in Punjab.

India's factory output expands at 7.1% in February vs 7.5% (MoM)
Overall industrial output, which also includes energy production, went up 0.1% in February, after a 1.3% rise the previous month. Manufacturing output in the United Kingdom fell on the month in February, adding to signs the economy had a slow start to 2018.

Group gathers on 'Equal Pay Day' to urge equality for women
In contrast, the gender pay gap for architects is just 4.4 per cent and for chartered surveyors it is eight per cent. One glance at the #MeToo campaign or the countless claims of sexual harassment at work quickly dispels that idea.

Rival resolutions fail on Syria chemical weapons probe
It was the 12th time that Russian Federation has used its veto power at the council to block action targeting its Syrian ally. That panel had found that the Syrian air force had dropped sarin on the village of Khan Sheikhun in April of previous year .

Some Android OEMs lied about applying security updates
Researcher Karsten Nohl said, "We find that there's a gap between patching claims and the actual patches installed on a device". To sum up the findings, vendors such as Google , Sony , Samsung , Wiki on an average missed between 0-1 patches.