Researchers say some Android phone makers hide missed updates

Krales  The Verge

These smartphone makers have created a false sense of security among their users.

In a recent report by a German security firm, it was found that several Android phones missed multiple security patches leaving these devices vulnerable to a broad collection of known hacking techniques. The J5 did miss some security patches from 2017, but it didn't advertise that they were installed. Yes and no. While it's disgraceful for the companies to misrepresent a security patch level, SRL points out that often chip vendors are to blame: devices sold with MediaTek chips often lack many critical security patches because MediaTek fails to provide the necessary patches to device makers.

As I mentioned in the first step, the SnoopSnitch app isn't fully working on devices running Android 8.1 like the Pixel 2. The companies like Google, Samsung, and Sony got a very good record of installing the patches but the companies like Lenovo's Motorola, TCL and ZTE have got the problem to roll out the updates.

Device fragmentation has always been a challenge for Google when releasing updates for its Android platform, which is by far and away the most popular mobile software on the planet. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote. The Berlin-based team found that many Android phone manufacturers were far behind on updates, or even lying about the last security update applied to the phone. Compared to flagships, cheaper phones are found to be skipping more patches, which also tend to use cheaper chips.

Failing to update their smartphones with the latest security updates is one thing, but SRL found that some simply lie about installing any patches at all. Sony and Samsung were both flagged as having missed some security patches - in some cases in spite of reporting that they were up to date.

Jane 'Buckskin Girl' Doe identified after 37 years
Chief Deputy Steve Lord said King's mother has long hoped her daughter's murder would be solved. An autopsy found that the young woman was killed by strangulation and blunt force trauma.

Pakistan court bans ex-PM Sharif from elections for life
According to television news channels, the verdict was issued unanimously by all five judges of the bench. Following the verdict, both Sharif and Tareen have become ineligible to ever hold public office.

"High Definition Vinyl" Is Happening, Possibly as Early as Next Year
Cutting lathes and nickel-plated stampers to press vinyl are outdated and HD Vinyl will use lasers to etch a better "stamper". Assuming all goes according to plan, they are hoping to get the first HD vinyls into stores by the summer of 2019.

HTC, Huawei, LG and Motorola all had between three and four skipped patches while Xiaomi, OnePlus and Nokia skipped, on average, between one and three security updates.

Google's Android product security lead, Scott Roberts, said: "We're working with [SRL] to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google-suggested security update". This can be seen in the image of the table below which lists off what OEMs were missing patches and how many of them were missed.

"Built-in platform protections, such as application sandboxing, and security services, such as Google Play Protect, are just as important", he said.

Nohl agrees that exploiting Android vulnerabilities remains hard due to these security layers and points out an easier and more common route to compromising Android devices is through the use of malicious apps - either inside Google Play or outside the store.

Related News:



Most liked

Sridevi wins first National Award, posthumously
The film was also recognised for original screenplay, while the best dialogues went to Odiya film " Hello Arsi ". Announcing Sridevi's name, feature film jury head Shekhar Kapur said the actor was the most deserving candidate.

Black flags, 'Go back Modi' chants greet PM Modi at Chennai
Members of the Thamizhaga Vazhvurimai Katchi (TVK) were detained as they tried to enter the airport and climbed on hoardings. Urging the government to act fast, Hassan requested the government to take cognisance of the protests held in the state.

Teen killed in minivan was trapped under third-row seat, official says
Hamilton County Sheriff Jim Neil has ordered an administrative investigation to make sure department protocols were followed. Mercy Montessori, where Kyle went for early education, released a statement saying, "Our Mercy hearts are heavy".

NHRC slaps notices on Centre, Telangana on sexual harassment in films
MAA announced that it would not give membership to Sri Reddy and will also banish anyone who works with her going forward. Maa association now removed the ban on her and even started a team to stop this casting couch issues.

Thursday's Wake-Up Weather: Hot and windy today!
Friday night after sunset rain will begin to change to snow from west to east as the cold side of this storm system moves in. Southwest winds will stay a little breezy, but a big push of warm air will ride up the East Coast with that southwest breeze.

Fortnite is back, and Epic is apologizing with in-game gifts
Update - We'll be undergoing emergency downtime to deploy major upgrades to our database systems. In a measure towards resolution, matchmaking will be blocked for a short period .

President Trump's 'Post Office Scam' Feud With Amazon Just Got Hotter
Claims that Amazon is taking advantage of the Postal Service have not passed muster with fact checkers. Gerry Connolly, D-Va., a member of the House Oversight Committee, said in a statement to USA TODAY.

Salisbury attack: Chemical weapons watchdog confirms United Kingdom findings on nerve agent
Britain has said the use of such an obscure poison indicates Moscow was either to blame or had lost control over its nerve agents. Russian Federation has denied involvement in the attack and contends Britain has not provided evidence to support its allegation.

Elneny: We're ready to face any team in semi-final
With the Gunners on the attack, Welbeck passed to Elneny who then provided the striker with the ideal ball to slot home.

Trump threatens missiles: 'Get ready Russia'
There were signs, though, of a global effort to head off a unsafe conflict pitting Russian Federation against the West. What has Trump said about the attack? A US guided-missile destroyer, the USS Donald Cook , is in the Mediterranean.

Reliance Jio in talks with Qualcomm to launch laptops with cellular connectivity
The move to launch self-branded laptops is said to be targeted at increasing its average revenue per user (ARPU). Last year, Reliance Jio had clocked $4.70 (INR 300) ARPU , much higher than all its competitors in India.

Russian TV crew slammed for sneaking into Skripal hospital
Britain has said the use of such an obscure poison indicates Moscow was either to blame or had lost control over its nerve agents. Russian Federation denies involvement in the pair's poisoning, which triggered a diplomatic crisis between Moscow and the West.

Games-Highlights on day nine of Commonwealth Games
Home Affairs Minster Peter Dutton said that all missing athletes and officials will be shown scant sympathy when caught. Athletes must have a specific medical exemption to have needles at the Games as part of the fight against doping.

Unnao rape case: CBI detains accused BJP legislator
Two complaints were filed in the aftermath, one against the teenager's family and the other against the suspected assailants. Sengar was detained from a house in Lucknow's Indira Nagar and taken to the CBI's office in Hazratganj at around 4am.

Gender pay gap for council staff revealed
According to the analysis, the gender wage gap is largest in Louisiana and Utah, followed closely by West Virginia and Montana. The College reported a median gender pay gap of 3.57%, compared to the 10% national average for Further Education colleges.