It a security consultancy as Bit9 prepare a report alarmist about security is not something that should be taken into much consideration, but today we make an exception because the results of the study, apart from not trying to sell us anything, give much to think.
Bit9 is based on the theory that a properly updated operating system It is better protected against security holes and bugs where it could be exposed sensitive user data. Applying this idea to reverse, an operating system updated shortly and evil It is an easy target for these attacks. Following this reasoning, the consultant has prepared a list Android terminals worse updated and thus, most insecure market.
The list has been made in attention to mobile phones more sold, which carry obsolete versions of Android and that, moreover, does not have updated never, or make it too slowly. These are the 12 dirty dozen of Android.
1. Samsung Galaxy Mini
2. HTC Desire
3. Sony Ericsson Xperia X 10
4. Sanyo Zio
5. HTC Wildfire
6. Samsung Epic 4G
7. LG Optimus S
8. Samsung Galaxy S
9. Motorola Droid X
10. LG Optimus One
11. Motorola Droid 2
12. HTC Evo 4G
Turns out that, while in other operating systems, the ratios of adoption of new versions are about 90%, in Android, 56% of the terminals are what Bit9 calls ‘ digital orphans ’, phones that for various reasons are not updated as it should. Android takes a average of seven months to receive the first update. Samsung is the brand that worse and later updated its terminals, followed by HTC and Motorola.
Why Bit9 points for these bad notes are the best topic. Firstly, Bit9 says that manufacturers tend to leave models to focus on new releases that it obtain new versions of software, virtually forcing the consumer to change device if you want to have your operating system updated.
Too many cooks
The second reason that makes the system more insecure and less updated Android is what Bit9 calls the problem of having ‘ too many cooks in the same kitchen ’. In October of this year, HTC detected a serious vulnerability in the security of the HTC Sense interface that could allow third parties access to user data. In the press release that announced that they were solving it was said that HTC and Sprint operator were working side by side in this.
From Bit9 wonder that you have to do an operator with a security flaw in an operating system?. The answer is that too many people put the hand in the same pot. Google develops the operating system base but, from there, each brand personalize it with your own software and then it is the operator that dumps its aesthetics, contents and restrictions above customization. That not to mention often customizing the operating system gives more problems in itself.
According to Bit9, this process not only makes it harder and eternalizes update processes or stops them completely, but it means further weaken the security of the platform by multiplying the number of possible routes of entry.
The solution to this problem is not easy. From Bit9 commented that manufacturers and operators should, first of all, stop updates of software in the hands of a responsible that, logically, it should be Google. Then, they recommend to Google a more agile updates system allowing to release security patches when necessary.
Almost nothing, in short. To see who is the handsome that tells you to Samsung to surrender to your widgets and their TouchWiz or Movistar which ceases to add those unannounced access to KETEK.
Why Android and IOS or Windows Phone?
If Bit9 chose Android as a platform for the study has been precisely po their lack of a centralized update system. MSX recognizes that analyze the same way the iPhone wouldn’t make sense since their updates are dependent on a single company and are not determined by any operator. However, iPhone 4 had obtained, according to the study of Bit9, a thirteenth placed in the ranking of mobile insecure, more popular than anything else, but it is still a risk position.
Something similar occurs with Windows Phone 7, where the master software updates depend on Microsoft. Bit9 says to the Nexus family Google as the only Android terminals that follow a pattern of update logical and desirable from the point of view of safety.
Another reason for choosing Android is the meteoric rise of this operating system market share. This growth allows House reason to think that he will be the favorite target of the next batch of security attacks. Bit9 provides a spectacular increase in security attacks on Android in 2012 inasmuch as, smartphones and tablets each time are used more like a computer than as a phone.