Published: Sun, April 15, 2018
Industry | By Kenny Hampton

Some Android Manufacturers Reportedly Skipping Security Patches

Some Android Manufacturers Reportedly Skipping Security Patches

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired. They found what they call a "patch gap": In many cases, certain vendors' phones would tell users that they had all of Android's security patches up to a certain date, while in reality missing as many as a dozen patches from that period-leaving phones vulnerable to a broad collection of known hacking techniques.

In response to Google's statement, SRL's Karsten Nohl said that while it's unlikely that OEMs have gone as far as circumventing a patch to cover a vulnerability, he agrees that it most hackers will find it hard to hack an Android phone because of the OS's base security features like the randomization of file addresses and app sandboxing.

The list includes major Android phone makers like Google, Samsung, Xiaomi, OnePlus, Sony, LG, Huawei, Nokia, Motorola, HTC, ZTE and TCL. Statistics released by Google in February claim that just 1.1 per cent of Android devices are working on the latest Android version. The post was about a security patch in which the company has demonstrated the updated DNS settings via a screenshot.

Because of the structure of Android, security updates are dependent on device manufacturers, which can make the update process tricky.

Telegram hit with block in Russian Federation over encryption
The Virgin Islands-registered company has over 9.5 million users in Russian Federation , according to researcher Mediascope. A person in the Russian government told Reuters that they plan to use a VPN app for accessing the service post this order.

Texas governor says Guard impact 'meaningful'
California Governor Jerry Brown has been at loggerheads with Trump over opposing stance on the United States' immigration policy. Because of the $700 & $716 Billion Dollars gotten to rebuild our Military, many jobs are created and our Military is again rich.

U.S. denies attack on Syrian military base
Three Iranian militia were killed on Sunday in an overnight airstrike by Israeli forces in Syria, Iranian media reported. A 2013 chemical attack in eastern Ghouta that killed hundreds of people was widely blamed on government forces.

What's The Story Of Android's Security Patches All About?

Some manufacturers fared better than others. TCL and ZTE were the worst, with more than four missed patches found, though few ZTE samples were available as well. "Now that monthly patches are an accepted baseline for many phones, it's time to ask for each monthly update to cover all relevant patches".

Nohl said that this "deliberate deception" wasn't as common as vendors simply forgetting to update their devices. SRL notes that MediaTek was the biggest offender for chip-level patch omissions - those ended up going up the chain to the OEMs and, thus, were missing from the overall software updates.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

Like this: