Researchers say some Android phone makers hide missed updates

Share

Researchers found Google, Samsung, and Sony phones to be the most complete in terms of security patches, with TCL and ZTE phones having the most missing patches.

Google told Wired, "some of the devices SRL analyzed may not have been Android certified devices, meaning they're not held to Google's standards of security". The main reason is the way Android is built.

Former Jerry Springer producer arrested for murder
Jill Blackstone also suffered from carbon monoxide poisoning, which required her to be treated in a hospital for two days. Jill has been a producer on several TV talk shows and legal shows, including " Divorce Court " and " Jerry Springer ".

An undisclosed list of Android phone makers have been actively deceiving customers about their devices' security against malware and hacking vulnerabilities, according to Wired, which spoke with researchers at the Security Research Lab (SRL) based in Germany. The manufacturers have allegedly been found to be lying to consumers about missed security patches. While we hope to learn a bit more about exactly which phones are missing which fixes, there's also another concern beyond just knowing whether or not your phone is actually secure, and that involves the degree to which manufacturers have been misleading their users. "It's small for some devices and pretty significant for others".

Most carriers and phone makers tweak Android to make their products unique.

Russian spy poisoning: Nerve agent inspectors back UK
It says British authorities "must urgently provide tangible evidence that Yulia is alright and not deprived of her freedom". A spokesperson from the Russian Embassy in London described Yulia Skripal's statement as "an interesting read".

The study looked at all 2017 patches on a range of devices from Google, Sony, Samsung, Wiko, Xiaomi, OnePlus, Nokia, HTC, Huawei, LG, Motorola, TCL, and ZTE. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed. The good news is that Android's underlying security architecture does its best to mitigate the impact of malicious actors, and even if your OEM skipped one or two patches, so long as it's caught up with the bulk of them, you're probably in good shape. "Owing to this complexity, a few missing patches are usually not enough for a hacker to remotely compromise an Android device", the researchers wrote. This means that the latter two companies have missed at least 4 patches during a security update for one of their devices after October 2017. In other words, some device makers have been claiming that their phones meet a certain security patch level when in reality their software is missing required security patches. On some phones, the patch gaps numbered in the dozens. In particular, phones powered by a MediaTek chipset had 9.7 missed patches on average. However, does this excuse manufacturers who say their devices are fully updated when they are not? The company tried to do some damage control by listing its mechanisms like Google Play Protect which are being developed to ensure an extra security layer. In order to help users tackle the problem, SRL Labs will be releasing an update to its SnoopSnitch Android app that allows users to check their phone's code for the actual state of its security updates. "These layers of security-combined with the tremendous diversity of the Android ecosystem-contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging".

APTOPIX UN Syria Russia
Five countries - Bolivia, China, Ethiopia, Kazakhstan, Russia - voted in favor, failing to pass the threshold of nine. Russia vetoed a USA text, while two Russian-drafted resolutions failed to get a minimum nine votes to pass.

Share