How vulnerable is your smartphone to malware attacks? Android is by far the most targeted mobile operating system, but some popular Android phones made by Samsung, HTC, and Motorola, fare a lot worse than others.
Bit9, an enterprise-oriented security vendor, ranked the 12 most vulnerable cell phones (the "dirty dozen") based on how dated its software is out of the box. Android fragmentation is well documented, but your average cell phone user probably doesn’t care if he or she’s on Android 2.3 or Android 2.3.7. Functionally, the versions are similar.
However security-wise, it matters. A lot. For instance if a malicious app breaches an older version of Android, Google patches the vulnerability and releases an incremental update so that app can never exploit your phone again. Then it’s up to the cell phone operator to send your phone that update.
The timing of when you get these updates depends upon your cell phone operator and cell phone manufacturer, rather than Google, which is fundamentally different from how PC security is distributed (it would be akin to buying a PC from Dell and relying on Dell to coordinate with your home Internet provider, instead of Microsoft, to update your Windows software).
Unfortunately, not every Android phone gets updated to the latest version at the same time; pundits say carriers have no economic incentive to send updates to old or unpopular phones.
As a result, according to Google, 56 percent of Android smartphones are stuck on the 18-month old Android 2.3 Froyo, or older versions.
“We need to put pressure on the carriers. Why are they alone responsible for updating your security?” Harry Sverdlove, CTO of Bit9, told PCMag.
Honorable Mention: Apple iPhone 4
Apple's iOS is less fragmented because Apple retains full control over when it releases its software update. But fragmentation still exists, because newer versions of iOS either don’t work or perform uber slowly on models that are over two years old. Others iPhone owners are simply turned off by slow download speeds or excessively large files. Lookout Mobile recently discovered that 30 percent of iPhone users don’t download the latest version of iOS when it comes out, and therefore miss out on time-sensitive iOS patches.
As a result, Bit9 gave iPhone 4 an honorable mention.
Bit9’s “dirty dozen”:
1. Samsung Galaxy Mini (T-Mobile)
2. HTC Desire (U.S. Cellular)
3. Sony Ericsson Xperia X10 (AT&T)
4. Sanyo Zio (Sprint, Cricket Wireless)
5. HTC Wildfire (T-Mobile)
6. Samsung Epic 4G (Sprint)
7. LG Optimus S (Sprint)
8. Samsung Galaxy S (T-Mobile)
9. Motorola Droid X (Verizon)
10. LG Optimus One
11. Motorola Droid 2 (Verizon)
12. HTC Evo 4G (Sprint)
BYOD (Bring Your Own Device), but not an Android!
Bit9’s findings may be preaching to the choir here, but its study is really aimed towards business workers who are ditching their BlackBerries for other popular operating systems—in droves. This week, one study claimed iPhone has surpassed BlackBerry as the most popular smartphone used in the office. But Bit9 and PCMag’s networking analyst Samara Lynn still believe BlackBerry is “tops for IT,” because it uses an enterprise server that gives companies full control over issuing updates.
As mobile malware matures, the targets will inevitably grow bigger and more lucrative.
“We’re going see more and more corporate attacks on smartphones, more spear phishing, more targeted email attacks. Given the landscape, it’s a ripe field that’s growing faster than the security itself,” said Sverdlove.
Fore more on Android fragmentation, see Why Ice Cream Sandwich Might Make Things Worse.
No comments:
Post a Comment