Some Android OEMs Reportedly Skipping Security Patches

To coincide with the release of the report, SRL has launched an app called SnoopSnitch, which it says helps Android users find out if their handsets are neglecting security.

Wired reports the existence of these "patch gaps" with manufacturers missing up to a dozen security patches, even while telling users all known issues have been addressed.

Nohl and Lell reverse engineered the operating system code of about 1,200 Android smartphones to check if the devices really contained the security patches that companies said they did.

Nohl agrees that exploiting missing patches remains hard for hackers, who are more likely to use methods like rogue apps snuck onto the Google Play Store or less secure third party sources.

Phones from TCL and ZTE were missing four or more of the advertised security patches. The table in the image below lists which OEMs were missing patches and how many of them were missed.

But if you just want to not worry about it (we feel you), the tail-end of Google's statement asserts that you can do just that: "These layers of security - combined with the tremendous diversity of the Android ecosystem - contribute to the researchers' conclusions that remote exploitation of Android devices remains challenging". Over the past few years, Google has pushed its OEM partners like smartphone manufacturers to be more aggressive with their updates, but it's been an uphill battle.




Google added that some devices may be skipping updates because they are uncertified, which means that they are not required to meet certain security standards. Outside of the Google Pixel and Google Pixel 2, the tests revealed that even high-end flagship models made by the top manufacturers had Android security patch updates skipped over, even if the update was credited on the phone.

"We found several vendors that didn't install a single patch but changed the patch date forward by several months", Nohl says. "That's deliberate deception, and it's not very common".

Nevertheless, the SRL founder reckons that Android device owners can take solace in the security measures on their phone.

As an example, testing SnoopSnitch on (my personal) Sony Xperia XZ1, with stock, un-rooted Android 8.0 (Oreo) with the March 1, 2018 security patch level shows 34 patched vulnerabilities and 20 inconclusive vulnerabilities. For example, Samsung's 2016 J5 accurately reported what was and wasn't installed, but its 2016 J3 said all patches were up to date when 12 weren't actually installed. Companies such as Google, Samsung and Sony had the best record of installing the patches, whereas Chinese vendors including Lenovo's Motorola, TCL and ZTE had trouble rolling them out.

Xiaomi, OnePlus, and Nokia were found to have between one and three missed patches, though again there were few samples of Nokia phones. After the release of an update, chipset makers adjust the updates as per their requirements and then push them to smartphone manufacturers. Google is working with SRL to delve deeper into its test results.

