Android and Mobile Security Flaws

By | Sep 20, 2012

Mobile security firm Duo Security recently conducted a study showing that more than half of Android devices have unpatched flaws. It's a disturbing finding considering that a majority of small and midsized businesses rely on Android technology. The news should raise awareness about security.

The study, featured in an article published in Computerworld, found that more than half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it.

This conclusion is based on scans with Duo Security's X-Ray technology, which is a free Android vulnerability assessment tool. Unlike antivirus software, X-Ray isn't designed to compare the signatures of apps installed with a list of suspicious applications. X-Ray instead finds all of the major privilege vulnerabilities that have affected the Android platform since its inception and exist in various versions of the mobile operating system. The company says that since the launch of X-Ray, root exploits have been some of the most frequently encountered threats.

Nearly 60 percent of small and midsize businesses that use smartphones have Android technology. On average, a small business has three Android-based smartphones and a midmarket business has 26 Android-based smartphones. That's according to another survey published by Techaisle earlier this year.

Duo Security's results were tallied from 20,000 Android devices worldwide. According to the article, privilege vulnerabilities can be exploited willingly by users in order to gain administrator or root access on their devices. The article also points out that they can be exploited by malware, and there have been multiple documented cases of Android malware that incorporated root exploits.

In the past year, many Android threats have made headlines, and there have been criticisms that users aren't receiving security patches in a timely manner, exposing them to threats. Manufacturers stop issuing updates for some device models too quickly, and, even when they do issue updates, some carriers don't distribute them fast enough. Android isn't known for its security, yet it remains popular, so small and midsize businesses should be aware of the security measures that they employ in the workplace. BYOD policies don't help the situation but often cannot be avoided.

Android will remain a desired technology among small and midsize businesses because it is open-sourced with great potential on the Ultrabook platform. The recent findings by Duo Security exemplify how important expedient patching is to security and how poorly carriers and device manufacturers have performed up to this point. Hackers have capitalized on the fact that such vulnerabilities go unpatched for many months due to conservative practices and lack of awareness. The hope is that Duo Security's findings will continue to pressure carriers into getting serious about patching their Android devices and encourage small and midsize businesses to become very serious about security measures.

This post was written as part of the IBM for Midsize Business program, which provides midsize businesses with the tools, expertise and solutions they need to become engines of a smarter planet.
