Check Your Phone: Researchers Find Hidden Patch Gap in Android

Researchers Karsten Nohl and Jakob Lell from security firm Security Research Labs have uncovered a hidden patch gap in Android devices. The two conducted a two-year analysis of 1,200 Android phones, and just presented their results during the Hack in the Box conference in Amsterdam.

Android’s Hidden Patch Gap Explained

Android has had its difficulties with patching in the past: in 2016, only 17% of devices were operating on a recent patch level, the researchers pointed out. Things have improved since then as vendors increased their patch frequency, but it still turns out that Android is not as fully secured as it should be.

More specifically, the freshly-released large study of Android phones reveals that most Android vendors regularly forget to include some patches, leaving parts of the ecosystem exposed to various threats.

Modern operating systems include several security barriers, for example ASLR and sandboxing, all of which typically need to be breached to remotely hack a phone. Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device. Instead, multiple bugs need to be chained together for a successful hack.

The problem is that malicious actors are aware of the challenges in hacking Android phones. Thus, the focus is on social engineering tricks where users are lured into installing malicious applications. We have seen plenty of infections stemming from infected apps downloaded from third-party stores and sometimes even from Google Play.

Once installed on a device, the app is granted excessive permissions and hackers can do whatever they are seeking to do. In other words, in order to get access to Android phones hackers don’t need to carry out complex hacking activities. They just need to trick the user into installing a bad app. Of course, state-sponsored attackers can operate in a stealthy manner and often employ zero-day flaws in their attacks.

The Researchers’ Advice: Be Aware of Your Android Patch Level

Patching is critically important to uphold the effectiveness of the different security layers already found in Android. Now that monthly patches are an accepted baseline for many phones, it’s time to ask for each monthly update to cover all relevant patches.

Users can verify their vendors’ patching claims by measuring the patch level of their Android phones with a free app called SnoopSnitch. SnoopSnitch is designed to analyze the phone’s firmware and provides a detailed report on the patch status of vulnerabilities (CVEs) on a monthly basis.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum for 4 years. Enjoys ‘Mr. Robot’ and fears ‘1984’. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles!
