Android Phone Makers Caught Fibbing About Security Patches

US Defense Secretary James Mattis Chairman of the Joint Chiefs of Staff Gen. Joseph Dunford and Pentagon Comptroller David Norquist testify before the House Armed Services Committee in the Rayburn House Office Building on Capitol Hill

Android Phone Makers Caught Fibbing About Security Patches

Researchers Karsten Nohl and Jakob Lell from Security Research Labs have spent the past two years reverse-engineering hundreds of Android devices in order to check if devices are really secure against the threats that they claim they are secure against.

Manufacturers tell users that phones are patched up to a certain month, the researchers said, but some months have been skipped, leaving security holes that can be exploited by hackers or Android malware. SRL notes that the chips the phones used could be part of the problem. You go out of your way to keep your data safe, protecting your handset with a strong passcode, paying close attention to the permissions you grant apps, and making sure that your phone is always running the latest security updates available to it.

It would be one thing if companies were outright telling us that an update contained X out of Y recent fixes (and better still if they briefly mentioned the reasons for skipping the others), but with the way things have been operating so far, users could easily have the impression that their phones are more patched than they actually are. "Sometimes these guys just change the date without installing any patches". The phones all claim to have received at least one security update since October 2017. And if a company making those chips isn't keeping up with patches, it becomes quite hard for the manufacturers of the phones running them to fully secure their devices. SRL Labs is going to release an update to its Android app SnoopSnitch that will let users check their phone's code for the actual state of its security updates, but it is unlikely that users will manually check for patches.

The Hive: HHS tennis team plays at district tournament
They were able to get some good shot attempts, and even when they turned the ball over, it was often deep in LaFollette territory. The Spartans (2-2) got their inaugural goal from Janna Williams, who finished a Vangelos assist.


Nohl and Lell plan to present their findings at the Hack in the Box security conference in Amsterdam tomorrow, and post their full paper online after their presentation.

This OnePlus phone seems to be in decent, if outdated, security shape. In other words, some device makers have been claiming that their phones meet a certain security patch level when in reality their software is missing required security patches. Other handset makers have to examine each update and, if necessary, tailor them to fit each of their own devices. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed.

Or so you'd think.

Syria is ready for war with the West
Syria and its main ally, Russia, have denied that any chemical weapons were used and gave permission for the OPCW to investigate. Meanwhile, the Russian military said the Syrian government is now in full control of Duoma, once held by rebels opposing Assad.


Xiaomi, Nokia, HTC, Motorola and LG all made the list, as well, while TCL and ZTE fared the worst in the study, with, on average, not having installed more than four of the patches they claimed to have installed on a given device. It appears Motorola may not be living up to its promises. On some phones, the patch gaps numbered in the dozens.

Bringing up the rear were ZTE and TCL, whose phones had an average of more than four missed Android security practices.

Either way, does this make you want to get rid of your BlackBerry phones in exchange for a Samsung?

Le père de son bébé l'a trompée (vidéo) — Khloé Kardashian
Plus récemment, ce dimanche 8 avril, Tristan Thompson a été surpris à son arrivée à l'hôtel Four Seasons à New York. Néanmoins, la source affirme que " la famille est furieuse, Tristan n'est pas la personne qu'ils pensaient être.


Latest News