Wednesday 14 October 2015

The Dangerous Vulnerabilities Hiding In The Heart Of Android


Nexus 6P (image: Google PR)


I’ve spoken before on Forbes about the inability of the Android ecosystem to cope with the vulnerabilities and malicious exploits that are attacking one of the world’s most popular operating systems. A recent study from the University of Cambridge backs up this view, showing that just under nine in ten Android devices (87.7 percent) are exposed to at least one of eleven critical vulnerabilities.

The study (‘Security Metrics for the Android Ecosystem’ by Daniel R. Thomas, Alastair R. Beresford, and Andrew Rice) examined 20,400 Android devices from a mix of manufacturers and carriers.


The core problem at the heart of Android is the lack of updates to consumers’ handsets after purchase. Thomas, Beresford, and Rice sum up the issue in the paper:

Unfortunately something has gone wrong with the provision of security updates in the Android market. Many smartphones are sold on 12–24 month contracts, and yet our data shows few Android devices receive many security updates, with an overall average of just 1.26 updates per year, leaving devices unpatched for long periods of time.

The study concerned itself with vulnerabilities that gave an attacker significant permissions, such as root-level access, without having physical access to the device. These could be through an installed application, dynamic code, or code injection. Worryingly, the study only looked at eleven vulnerabilities. Using androidvulnerabilities.org for reference, there were thirty-two potential vulnerabilities to choose from. While the study is restricted to those issues that met the previous criteria, the results should be regarded as being at the lower end of the possible outcomes.

Source: www.forbes.com
