Oct 22, 2012

Half of Android Devices Susceptible to Threats

In today’s workplace, IT departments have an abundance of security issues to face daily. With more employees bringing their own smartphones to work, the threat load has increased. And unfortunately, things are unlikely to calm down soon as Duo Security’s recent report finds that 50+ percent of Android devices are vulnerable to malicious apps. “Since we launched X-Ray, we’ve already collected results from over 20,000 Android devices worldwide, said Jon Oberheide, co-founder and chief technology officer of Duo Security in a company blog post. According to a Duo Security blog, based on their results, they estimate that over half of Android devices worldwide have unpatched vulnerabilities that could be exploited by a malicious app or adversary. Oberheide says that although 20,000 is a “scary number,” it “exemplifies how important expedient patching is to mobile security and how poorly the industry has performed thus far.” For those unfamiliar with X-Ray, Duo Security launched the free app over the summer. X-Ray allows Android users to scan their device for security vulnerabilities that put the device at risk. Not only does X-Ray scan Android devices for security threats, but it can determine whether there are vulnerabilities that remain unpatched by the users’ carrier. In addition, the app will present the users with a list of known, unpatched threats that it can identify, thereby allowing users to check for the presence of such vulnerabilities on their device. Lucian Constantin points out in his recent article that BitDefender’s Senior E-threat Analyst Bogdan Botezatu, recently wrote: “In the Microsoft ecosystem, desktop users know that patches are provided for quite a while, just like what happened with Windows XP. Mobile carriers, on the other side, see the mobile device, as well as the operating system running atop of it as a wearable item that rapidly goes out of fashion and has a shorter lifespan than desktops or laptops.” According to Oberheide, Android devices typically become vulnerable for two reasons: First, Android platform users tend to not protect their smartphone as well as they should. Second, carriers are often very conservative in rolling out patches to fix vulnerabilities in the Android platform leaving users open to threats for months and even years. “While it’s well-known in the security community that slow patching of vulnerabilities on mobile devices is a serious issue, we wanted to bring greater visibility to the problem,” said Oberheide. Though Duo Security’s X-Ray is a great method of protection in scanning for malicious apps installed on an Android device, it can’t actually fix detected problems. Although consumers asked for the X-Ray to be distributed on Google Play, Duo Security says Google’s terms of service disallowed applications such as X-Ray that check for Android vulnerabilities. Unfortunately, with so many mobile security threats facing the Android platform, one would think Google would allow an app like X-Ray.