Over half of Android devices have unpatched vulnerabilities, report says

Results from X-Ray vulnerability scanner show that over half of Android devices are vulnerable to root exploits

Over half of Android devices are vulnerable to known security flaws that can be exploited by malicious applications to gain complete access to the operating system and the data stored on it, according to a report from mobile security firm Duo Security.

This conclusion is based on scans performed during the last couple of months with X-Ray, a free Android vulnerability assessment tool developed by Duo Security. X-Ray scans devices for known privilege escalation vulnerabilities that exist in various versions of the mobile operating system.

"Since we launched X-Ray, we've already collected results from over 20,000 Android devices worldwide," security researcher Jon Oberheide, who is co-founder and CTO of Duo Security, said Wednesday in a blog post.

Privilege vulnerabilities can be exploited willingly by users in order to gain administrator (root) access on their devices and, for example, replace the firmware provided by the manufacturer with a custom-built one.

However, they can also be exploited by malware for malicious purposes and there have been multiple documented cases of Android malware that incorporated root exploits over the years.

"Since the launch of our mobile security solution, root exploits have been some of the most frequently encountered threats," Bogdan Botezatu, a senior e-threat analyst at antivirus vendor BitDefender, said Friday via email.

For example, during the first quarter of 2012, the top 10 detected Android threats included the "Rage Against The Cage" exploit, the "GingerBreak" exploit, the "Exploid" exploit and the "Asroot" exploit, Botezatu said.

Some of those cases might have been caused by users who were attempting to "root" their devices. However, others were likely generated by malicious apps that used those exploits, Botezatu said.

Over 50 percent is actually a fairly conservative estimate, Oberheide said. "Yes, it's a scary number, but it exemplifies how important expedient patching is to mobile security and how poorly the industry (carriers, device manufacturers, etc) has performed thus far."

The slow deployment of security patches to Android devices is a problem that has been known of for years. Manufacturers stop issuing updates for some device models too quickly and even when they do issue updates, some carriers don't distribute them in a timely manner.

"In the Microsoft ecosystem, desktop users know that patches are provided for quite a while, just like what happened with Windows XP," Botezatu said. "Mobile carriers, on the other side, see the mobile device, as well as the operating system running atop of it as a wearable item that rapidly goes out of fashion and has a shorter lifespan than desktops or laptops."

"While it's well-known in the security community that slow patching of vulnerabilities on mobile devices is a serious issue, we wanted to bring greater visibility to the problem," Oberheide said. The researcher will present the preliminary results from the X-Ray project at the United Security Summit conference in San Francisco on Friday.

Join the newsletter!

Error: Please check your email address.
Rocket to Success - Your 10 Tips for Smarter ERP System Selection
Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Lucian Constantin

IDG News Service
Show Comments

Cool Tech

Breitling Superocean Heritage Chronographe 44

Learn more >

SanDisk MicroSDXC™ for Nintendo® Switch™

Learn more >

Toys for Boys

Family Friendly

Panasonic 4K UHD Blu-Ray Player and Full HD Recorder with Netflix - UBT1GL-K

Learn more >

Stocking Stuffer

Razer DeathAdder Expert Ergonomic Gaming Mouse

Learn more >

Christmas Gift Guide

Click for more ›

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Edwina Hargreaves

WD My Cloud Home

I would recommend this device for families and small businesses who want one safe place to store all their important digital content and a way to easily share it with friends, family, business partners, or customers.

Walid Mikhael

Brother QL-820NWB Professional Label Printer

It’s easy to set up, it’s compact and quiet when printing and to top if off, the print quality is excellent. This is hands down the best printer I’ve used for printing labels.

Ben Ramsden

Sharp PN-40TC1 Huddle Board

Brainstorming, innovation, problem solving, and negotiation have all become much more productive and valuable if people can easily collaborate in real time with minimal friction.

Sarah Ieroianni

Brother QL-820NWB Professional Label Printer

The print quality also does not disappoint, it’s clear, bold, doesn’t smudge and the text is perfectly sized.

Ratchada Dunn

Sharp PN-40TC1 Huddle Board

The Huddle Board’s built in program; Sharp Touch Viewing software allows us to easily manipulate and edit our documents (jpegs and PDFs) all at the same time on the dashboard.

George Khoury

Sharp PN-40TC1 Huddle Board

The biggest perks for me would be that it comes with easy to use and comprehensive programs that make the collaboration process a whole lot more intuitive and organic

Featured Content

Product Launch Showcase

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?