Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Saturday March 07 2020, @06:39AM   Printer-friendly
from the planned-obsolescence dept.

One billion Android devices at risk of hacking:

More than a billion Android devices are at risk of being hacked because they are no longer protected by security updates, watchdog Which? has suggested.

The vulnerability could leave users around the world exposed to the danger of data theft, ransom demands and other malware attacks.

Anyone using an Android phone released in 2012 or earlier should be especially concerned, it said.

[...] Google's own data suggests that 42.1% of Android users worldwide are on version 6.0 of its operating system or below.

According to the Android security bulletin, there were no security patches issued for the Android system in 2019 for versions below 7.0.

[...] How to check whether your phone is vulnerable and what to do

  • If your Android device is more than two years old, check whether it can be updated to a newer version of the operating system. If you are on an earlier version than Android 7.0 Nougat, try to update via Settings SystemAdvanced System update
  • If you can't update, your phone could be at risk of being hacked, especially if you are running a version of Android 4 or lower. If this is the case be careful about downloading apps outside the Google Play store
  • Also be wary of suspicious SMS or MMS messages
  • Back up data in at least two places (a hard drive and a cloud service)
  • Install a mobile anti-virus via an app, but bear in mind that the choice is limited for older phones

More than a billion hopelessly vulnerable Android gizmos in the wild that no longer receive security updates – research:

File this one under "well, duh." Consumer mag Which? today published research estimating that over a billion Android devices are vulnerable to hackers and malware as they are not receiving security updates.

Data obtained from Google by the publication found that 42.1 per cent of active Android users are languishing on version 6.0 or earlier.

The most current version of Android is version 10, while Android 9.0 Pie and Android 8.0 Oreo continue to receive updates. The Chocolate Factory is expected to release a major update to the world's most popular mobile operating system, Android 11, later this year.

Anything below Android 8.0, therefore, is vulnerable. Extrapolating from the data, Which? believes that almost one billion Android phones are inherently vulnerable.

Compounding the problem is the proliferation of older devices on sites like Amazon, where they're sold by third parties. The mag bought a handful of phones – including the Motorola X, Sony Xperia Z2, and Samsung Galaxy A5 2017 – and found they were susceptible to a host of long-discovered vulnerabilities, including Stagefright, Bluefrag and the Joker Android malware.

Which? is encouraging those with older phones who can't update to take sensible precautions – such as avoiding side-loaded apps and ensuring their data is backed up.

Previously:
Vulnerability in Fully Patched Android Phones Under Active Attack by Bank Thieves
Major Security Bug Called StrandHogg Discovered in All Android Versions


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 0) by Anonymous Coward on Saturday March 07 2020, @10:40PM (5 children)

    by Anonymous Coward on Saturday March 07 2020, @10:40PM (#968006)
  • (Score: 1) by petecox on Monday March 09 2020, @07:10AM (4 children)

    by petecox (3228) on Monday March 09 2020, @07:10AM (#968436)

    Nope, too old for that even - LineageOS is no longer supported except through an unofficial XDA forum release.

    So my Nexus 4 is running supported Ubuntu Touch; although it may well be susceptible if the Hybris layer hasn't been kept current.

    • (Score: 0) by Anonymous Coward on Monday March 09 2020, @09:10PM (3 children)

      by Anonymous Coward on Monday March 09 2020, @09:10PM (#968690)

      LineageOS is no longer supported except through an unofficial XDA forum release.

      And...that's unacceptable because?

      Resurrection Remix can give you Oreo [getdroidtips.com].

      My phone (HTC OneMax [wikipedia.org]) isn't supported by HTC and the latest version supported by LineageOS is 15.1. ResurrectionRemix has support for Pie though.

      I get that you're annoyed that Google isn't supporting updates for your (perfectly good) phone. But you at least got Lollipop. HTC never got me past KitKat.

      I'm fairly pissed myself. However, railing against Google (or HTC in my case) won't get you new features and security updates.

      Custom Roms will. And with them you can get a fairly recent version of Android on your phone

      What you choose to do is no skin off my nose one way or another. I was just trying to help.

      • (Score: 1) by petecox on Tuesday March 10 2020, @02:23AM (2 children)

        by petecox (3228) on Tuesday March 10 2020, @02:23AM (#968854)

        And...that's unacceptable because?

        Better than nothing but an officially supported LineageOS device will have standards [github.com] that the hardware is working and security patches are rigorously applied. With an unofficial build, it might or might not.

        Perhaps I expect more of our corporate overlords. Anyhow, Google is a TRILLION DOLLAR company not to mention the custodians of the OS. For them to abandon support after 3 years because they can't be arsed is half-arsed.

        • (Score: 0) by Anonymous Coward on Tuesday March 10 2020, @03:25AM (1 child)

          by Anonymous Coward on Tuesday March 10 2020, @03:25AM (#968881)

          Perhaps I expect more of our corporate overlords. Anyhow, Google is a TRILLION DOLLAR company not to mention the custodians of the OS. For them to abandon support after 3 years because they can't be arsed is half-arsed.

          You'll get no argument from me about that.

          And as I noted, Google isn't the only phone vendor doing so. I'd point out that one of the reasons for lack of ongoing upgrades/support is as a push to get you to shell out for a *new* phone, even though the one you have is perfectly serviceable.

          Which is why, IMHO, it's a good idea to use and support custom ROM development.

          Especially because (as I found out [soylentnews.org] while trying to get newer versions of Android working on my phone) as support for the hardware is abandoned by manufacturers, it becomes more and more difficult, without significant effort and expertise, to support that hardware on newer versions of Android.

          • (Score: 1) by petecox on Tuesday March 10 2020, @03:50AM

            by petecox (3228) on Tuesday March 10 2020, @03:50AM (#968897)

            Looking thru the journal entry, someone was spruiking /e/ - the "Google Free" fork of LineageOS/microg.

            I might give that a go, it has maintained fortnightly builds for Nexus 4 based on Nougat.

            So yes, thanks.