Some Android OEMs have been caught lying about security patches


Some of the largest Android smartphone makers are thought to be misleading users about important security updates, according to a report from Wired. Recent research from Security Research Labs in Germany has found that many Android vendors are wrongly telling customers that their devices carry the most recent updates.

Speaking at the Hack in the Box security conference in Amsterdam, Karsten Nohl and Jakob Lell from Security Research Labs gave details of their findings after two years of research.

WIRED reached out to Google for comment on SRL's findings, to which the search giant responded that while it appreciates the firm's research, some of the analyzed handsets may not have been Android certified, meaning that, unlike the company's flagship Pixel handsets, they may not be held to Google's security standards. The J5 did miss some security patches from 2017, but it didn't advertise that they were installed. An app called SnoopSnitch lets users check whether their smartphone is actually running the security patches it claims to have. On the OnePlus 5T, on the other hand, the test result was inconclusive for 5 patches, but the handset has not missed any patch. The problem with Android is that while Google may release regular software updates, it is left to the manufacturers to push them out to their devices.

SRL found that Samsung's budget J3 smartphone claimed to have every security patch from 2017 installed, but it was actually missing 12 of the patches released during that year.


While many of these missed security patches may not be inherently unsafe in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

On the user's part, it's nearly impossible to know which patches are missing and which are actually installed.

Xiaomi, Nokia, HTC, Motorola and LG all made the list as well, while TCL and ZTE fared the worst in the study: on average, their devices were missing more than four of the patches they claimed to have installed. On some phones, the patch gaps numbered in the dozens.

ZTE and TCL appear to be among the worst offenders, while Google, Samsung and Sony are the best at patching.

Research from Security Research Labs shows there is a "patch gap" in Android vendors' devices. Your phone may say it is patched, but in reality, it may not be. The missing updates even include ones that were considered critical for device safety.

The company added that it was working with the research authors to improve detection mechanisms when a device uses an alternate patch as opposed to a Google-endorsed update.
