Android phone makers allegedly lied about missed security patches

Android phone makers allegedly lied about missed security patches

Android phone makers allegedly lied about missed security patches

The shoddy state of Android security on smartphones may down to some smartphone makers skipping security updates from Google. And as vendors chalk up security points for non-existent patches, end users are left with a false sense of security. And it's time to start verifying vendor claims about the security of our devices. Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone. What they discovered was something they refer to as "patch gap". You can measure the patch level of your own Android phone using the free app SnoopSnitch. Sony and Samsung devices were found to have only skipped 0-1 security update. Huawei, HTC, Motorola, and LG were found to be lacking as many as four, and ZTE and TCL were missing more than four updates in many cases.

One measure of security a user has when using an Android device is when you get the monthly security patches from Google.

While many of these missed security patches may not be inherently risky in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data. "Probably for marketing reasons, they just set the patch level to nearly an arbitrary date, whatever looks best", Nohl is quoted as saying.

Former Pakistan PM Nawaz Sharif banned from office for life
The court has ruled that the disqualification will hold until the court declaration disqualifying the lawmaker stands. According to Dawn News TV, the verdict was issued unanimously by all five judges of the bench.

Nohl agrees that exploiting missing patches remains hard for hackers, who are more likely to use methods like rogue apps snuck onto the Google Play Store or less secure third party sources. SRL founder Karsten Nohl says that in some cases, a manufacturer might accidentally miss a security patch update, or even two.

However, handsets from less known manufacturers like ZTE and TCL have a worse track record at pushing out security patches.

'We found several vendors that didn't install a single patch but changed the patch date forward by several months.

Wenger admits CSKA gave him a scare
We need to go to the pitch believing in ourselves and that we can make it into the next round. I thought we showed a lot of maturity in the last 20 minutes. "We didn't win duels".

The AI butler that is programmed inside Android 8.1 Oreo has gone through great lengths in improving its services but a bug has prevented it from executing one particular task - playing a song from your Google Music library.

To sum up the findings, vendors such as Google, Sony, Samsung, Wiki on an average missed between 0-1 patches. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote. The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer.

Nohl agrees that exploiting Android vulnerabilities remains hard due to these security layers and points out an easier and more common route to compromising Android devices is through the use of malicious apps - either inside Google Play or outside the store.

Chemical Weapons Found in Blood and Urine Samples from Syrian Victims
President Donald Trump said on Thursday that a possible military strike against Syria "could be very soon or not so soon at all ". Trump ordered a missile strike against Syria in April 2017 after a separate chemical attack killed more than 80 people.

Related news