Over half of Android devices have unpatched vulnerabilities, report says

Results from X-Ray vulnerability scanner show that over half of Android devices are vulnerable to root exploits

Over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.

This conclusion is based on scans performed during the last couple of months with X-Ray, a free Android vulnerability assessment tool developed by Duo Security. X-Ray scans devices for known privilege escalation vulnerabilities that exist in various versions of the mobile operating system.

"Since we launched X-Ray, we've already collected results from over 20,000 Android devices worldwide," security researcher Jon Oberheide, who is co-founder and CTO of Duo Security, said Wednesday in a blog post.

Privilege vulnerabilities can be exploited willingly by users in order to gain administrator (root) access on their devices and, for example, replace the firmware provided by the manufacturer with a custom-built one.

However, they can also be exploited by malware for malicious purposes and there have been multiple documented cases of Android malware that incorporated root exploits over the years.

"Since the launch of our mobile security solution, root exploits have been some of the most frequently encountered threats," Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender, said Friday via email.

For example, during the first quarter of 2012, the top 10 detected Android threats included the "Rage Against The Cage" exploit, the "GingerBreak" exploit, the "Exploid" exploit and the "Asroot" exploit, Botezatu said.

Some of those cases might have been caused by users who were attempting to "root" their devices. However, others were likely generated by malicious apps that used those exploits, Botezatu said.

Over 50 percent is actually a fairly conservative estimate, Oberheide said. "Yes, it's a scary number, but it exemplifies how important expedient patching is to mobile security and how poorly the industry (carriers, device manufacturers, etc) has performed thus far."

The slow deployment of security patches to Android devices is a problem that has been known of for years. Manufacturers stop issuing updates for some device models too quickly and even when they do issue updates, some carriers don't distribute them in a timely manner.

"In the Microsoft ecosystem, desktop users know that patches are provided for quite a while, just like what happened with Windows XP," Botezatu said. "Mobile carriers, on the other side, see the mobile device, as well as the operating system running atop of it as a wearable item that rapidly goes out of fashion and has a shorter lifespan than desktops or laptops."

"While it's well-known in the security community that slow patching of vulnerabilities on mobile devices is a serious issue, we wanted to bring greater visibility to the problem," Oberheide said. The researcher will present the preliminary results from the X-Ray project at the United Security Summit conference in San Francisco on Friday.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service

Comments

Comments are now closed.

Most Popular Reviews

Follow Us

Best Deals on GoodGearGuide

Shopping.com

Latest News Articles

Resources

GGG Evaluation Team

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Steph Mundell

LIFEBOOK UH574

The Fujitsu LifeBook UH574 allowed for great mobility without being obnoxiously heavy or clunky. Its twelve hours of battery life did not disappoint.

Andrew Mitsi

STYLISTIC Q702

The screen was particularly good. It is bright and visible from most angles, however heat is an issue, particularly around the Windows button on the front, and on the back where the battery housing is located.

Simon Harriott

STYLISTIC Q702

My first impression after unboxing the Q702 is that it is a nice looking unit. Styling is somewhat minimalist but very effective. The tablet part, once detached, has a nice weight, and no buttons or switches are located in awkward or intrusive positions.

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?