Some Android OEMs have been caught lying about security patches

Some Android OEMs have been caught lying about security patches

Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired. Latest research at Security Research Laboratory in Germany has discovered that many vendors of android are wrongly informing customers that their devices are continuing the most recent updates.

Speaking at the Hack in the Box security conference in Amsterdam, Karsten Nohl and Jakob Lell from Security Research Labs gave details of their findings after two years of research.

WIRED reached out to Google for comment on SRL's findings, to which the search-giant responded that while it appreciates the firm's research, some of the analyzed handsets may not have been Android certified; meaning, that unlike the company's flagship Pixel handsets, they may not be held to Google's security standards. The J5 did miss some security patches from 2017, but it didn't advertise that they were installed. An app called SnoopSnitch enables users to check if smartphone is running the security patches which it claims. On the other hand, in the OnePlus 5T the test result was inconclusive in the case of 5 patches but the handset has not missed any patch. The problem with Android is that while Google may push out regular software updates, it is left to these manufacturers to push them out to their devices.

SRL found that Samsung's budget J3 smartphone claimed to have every security patch from 2017 installed, but it was actually missing 12 of the patches released during that year.

"As more Africans come online every year, using mobile phones as their primary and sometimes only internet device, online is not somewhere they "go" anymore but where they live, connecting with people, places and things that matter to them".

While many of these missed security patches may not be inherently unsafe in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

Billionaire Toy Tycoon Bids $890 Million To Save Toys "R" Us
Toys "R" Us, once the largest USA toy retailer, abandoned last month a plan to emerge from bankruptcy . Larian would join a list of bidders taking last-minute looks at parts of Toys "R" Us.

On the user's part, it's nearly impossible to know which patches are missing and which are actually installed.

Xiaomi, Nokia, HTC, Motorola and LG all made the list, as well, while TCL and ZTE fared the worst in the study, with, on average, not having installed more than four of the patches they claimed to have installed on a given device. On some phones, the patch gaps numbered in the dozens.

ZTE and TCL appear to be among the worst offenders, while Google, Samsung and Sony are the best at patching.

Research from Security Research Labs shows there is a "patch gap" in terms of Android vendors' devices. Your phone may say it is patched, but in reality, it may not be. These updates even include ones that were considered critical for device safety.

The company added that it was working with the research authors to improve detection mechanisms when a device uses an alternate patch as opposed to a Google-endorsed update.

Related News:



Most liked

Tigers' Jordan Zimmernann leaves game after being hit in the face
Zimmerman left the game and was able to walk off the field under his own power, according to Fox Sports Detroit . Zimmermann was in obvious pain - Kipnis was shaken up as well - before leaving the field.

Royal Family: Prince Philip discharged from hospital after hip replacement
It is understood the 96-year-old had been having trouble with his hip for about a month before the operation. He is expected to need a rehabilitation period and to use crutches for a number of weeks.

Santoliquito: Sydney Crosby And The Penguins Embarrass The Flyers
The Flyers must find a way to stop the Penguins when down a man and avoid taking needless penalties if they hope to win Game 1 . While the Lightning has struggled down the stretch, they will just be too much for the Devils . "They get opportunities.

Hamilton dominates opening practice session in China
Their straight-line speed in the last few races has been faster than ours and we have the longest straights here. Ferrari have nearly been flawless, and we are working on being flawless".

Russian Court Orders Telegram Messenger App Blocked
The Telegram app is exceptionally popular in Russian Federation , used not only by everyday people but also government agencies. Pavel Chikov, a lawyer representing Telegram , described the decision as a warning to other tech companies.

The Cowboys Have Released Former All-Pro Wideout Dez Bryant
He said some of the frustration was rooted in the offensive scheme. "He will always be a valued member of our family", Jones said. The move is billed as a cap-saving measure, Bryant has not performed up to the heights he reached earlier in his career.

TMZ: Will Ferrell released from hospital following serious auto accident in California
The publication reports the crash happened on Interstate 5 in Orange County , California around 11 pm local time on Thursday. Richard Peacock told Deadline that Ferrell's SUV was driving in the HOV lane when the Toyota attempted to get in.

Ecuador's President Confirms Death of Kidnapped Journalists
The government Thursday received photos Thursday from the Colombian TV station RCN suggesting the three had been killed. He said the time for restraint was over and that he won't allow Ecuador to become a haven for transnational drug gangs.

Facebook stops funding campaign against USA consumers' privacy
On Friday night, investigators from Britain's data watchdog searched the London offices of Cambridge Analytica for several hours. Republican congressman Fred Upton cited an example of a Michigan Republican whose campaign page was removed from Facebook.

Xi Jinping's China shows off force in South China Sea
As China's President Xi said above, only mutual dialogue and cooperation can work in today's world - if peace is to be maintained. While Xi's speech did not inflame trade tensions, other comments by government officials have taken a firm line.

Guardiola: City Are Not UCL Flops
The Manchester United full-back was not punished for the studs-up tackle, which left Aguero floored late in the second half. Pep Guardiola claims Manchester City did not fail in the Champions League despite their quarter-final exit.

Uh Oh, The Latest iOS Update Is Bricking Some iPhone 8s
Third-party repairers quickly found out that replacing a broken fingerprint sensor with a working unit would disable Touch ID. Each sensor is paired with the iPhone's logic board when the device is manufactured to prevent it from being tampered with.

Meghan Markle flies to United States to finalize UK visa application
WHAT is beauty privilege and how do we get our hands on it? "He said, 'Oh mum, just to get a glimpse of Meghan Markle!' ". Her outburst comes days after a list of about 600 guest invited to the Royal ceremony was released. "He's great.

Google loses 'right to be forgotten' case
He similarly petitioned Google to remove search results about a crime he had committed, for which he served four years in jail. In those circumstances, "the public interest in having information with his name about this case doesn't prevail".

Jose Mourinho reveals transfer plans amid Rashford and Martial unrest
We can not have just 11 players in the squad. "It would be better for everyone to have only 11 players but it is not possible". Every time Rashford or Martial seem to hit form or be verging on a run of games, Jose Mourinho pulls them back from the fray.