Tuesday, 24 April 2018
Latest news
Main » Some Android OEMs Reportedly Skipping Security Patches

Some Android OEMs Reportedly Skipping Security Patches

13 April 2018

Google says that some of the devices in the study may not have been Android certified devices, which means that Google's standards of security would not apply to them.

The technologists spent two years analysing a range of Android devices, considering if the manufacturer had installed promised updates.

Some Android vendors are purposefully lying about the latest security update on their phones.

Trump Plans to Pardon CIA Leaker Scooter Libby
Many conservatives have been urging a pardon for Libby, including attorneys Joe diGenova and his wife, Victoria Toensing . Lewis "Scooter" Libby arrives for a hearing at the Federal Court House June 14, 2007 in Washington, DC.

As per some reports from the web, two cybersecurity analysts from Security Research Labs ( SRL) have made a claim that in most of the cases the security updates are not being pushed.

According to SRL, missed security patches were discovered on a wide range of different handsets across manufacturers. This refers to a scenario where the phone's software would claim it was up to date with security patches but actually missed number of patches.

The results, shared with Wired, show that some popular Android devices are missing as many as a dozen patches that users would expect to be there, based on the patch level string displayed in settings in date format. "It's small for some devices and pretty significant for others", is what Nohl told Wired. Smartphones from Nokia, OnePlus, and Xiaomi skipped up to three updates, while devices from Huawei, Motorola, LG, and HTC skipped up to four patches. Over the past few years, Google has pushed its OEM partners like smartphone manufacturers to be more aggressive with their updates, but it's been an uphill battle. Out of the 1,200 phones tested by SRL, which included devices from Google, Samsung, HTC, Motorola and TCL, the firm found that even flagship devices from Samsung and Sony missed a patch. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed.

The Launch of Reliance Jio 4G Laptops
After smartphones and the 4G feature phone , a laptop with a SIM card is reported to be the next big bet for Reliance Jio . A report by ETTelecom says that Reliance Jio is in talks with Qualcomm to bring new laptops with cellular connectivity.

Users who want to monitor the patch state of their device can use SRL's free patch verification app, SnoopSnitch. Google's phones seem to be safe, however, as the Pixel and Pixel 2 series did not misrepresent what security patches they had.

"We're working with [SRL] to improve their detection mechanisms to account for situations where a device uses an alternate security update instead of the Google-suggested security update", Google's Android product security lead, Scott Roberts, told the newspaper.

While many of these missed security patches may not be inherently risky in isolation, hackers typically chain together multiple security holes to reach their goal, taking over devices and stealing data.

Coli outbreak in 7 states
Steaks and roasts should be cooked to at least 145˚F and let rest for 3 minutes after you remove meat from the grill or stove. The particular strain of E. coli involved in this outbreak can cause bad stomach cramps, vomiting and bloody diarrhea.

It is worth noting, though, that some manufacturers are apparently better at releasing updates than others. In particular, phones powered by a MediaTek chipset had 9.7 missed patches on average. "That's deliberate deception, and it's not very common". "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

Some Android OEMs Reportedly Skipping Security Patches