Information security watch – Android smartphones
Android has the largest smartphone operating system (OS) market share (75 per cent, 162.1 million units shipped), according to International Data Corporation (IDC) for the 1Q2013. However, most smartphone owners are still using obsolescent OS versions, such as Donut 1.6, Éclair 2.1, Froyo 2.2, Gingerbread 2.3 and Honeycomb 3.x, which were released prior to Android 4.0 Ice Cream Sandwich (ICS), according to Google.
This implies that a significant number of Android users have not updated their devices with the latest security patches and/or upgrades, available in the latest version and, as a result, are open to security vulnerabilities.
There are also many third-party Android app stores, as well as widespread piracy, making this eco-system even worse. US researchers say many texting, messaging and other apps developed for Android smartphones have security flaws which may expose private information or allow ready access to malicious code that can exploit the vulnerable programs. This is primarily due to developers inadvertently exposing parts of the app code to public, which should have been kept secure throughout. It has also been reported that malware sends all data from infected devices to an attacker-controlled server, or SMS Trojans could run in the background and send text messages to premium rated numbers on Android 2.2 Froyo and Android 2.3. Since Android security updates can sometimes take more than six months to reach users, it leaves a wide window of opportunity for malware developers to deliver Trojans (hidden programs) which exploits known vulnerabilities. Smartphone manufacturers work closely with the Operating System (OS) providers to offer the latest software to as many devices as possible.
However, the manufacturers are failing to provide up-to-date software releases as the hardware specifications of some models are limited. These models were fully optimised to provide the best OS experience when the devices were launched.
The major part of the problem with Android vulnerabilities is human nature. The vast majority of malicious mobile apps are Trojans which exploit the victims’ curiosity or desire for a freebie. Hence, users need to be more aware when using the OS, and not get duped by suspicious “too good to be true” offers in pop ups, counterfeit apps from fake app stores and links that offer a prize for clicking on them. It is also important to install an antivirus software such as Lookout to protect from the emerging internet based threats.
(The writer is a risk and compliance professional and Director at Layers-7 Seguro Consultoria (Pvt) Ltd. He has worked for KPMG, ITC, CSL, JKCS, KBSL, e-Cop and TVSNet (formerly Ramco Infotech) and is the founding member and charter secretary of the ISC2 Chennai Chapter and founder/President of Information Security Professional Associates (iSPA) and a board member of the ISC2 Colombo Chapter. He can be emailed at sujit@layers-7.com).
Follow @timesonlinelk
comments powered by Disqus