The Leading News & Information Service For The Facilities, Workplace & Built Environment Community

Devices with Potential for Vices

22 October 2015 | Updated 01 January 1970

A study partly funded by Google and conducted by University of Cambridge researchers has found that 87% percent of Android devices are vulnerable to known flaws. 

One of the authors, Alastair R. Beresford, one of the team members blames many manufacturers that do not issue security patches regularly, leaving their devices exposed to malware.

While admitting that some manufacturers were ‘much better’ than others the study showed that devices built by LG and Motorola as well as those shipped under the Google Nexus brand are much better than most.

The authors used data collected by their Device Analyzer app which is available from the Google Play Store. The app collects data from volunteers around the globe and the authors have used data from over 20,000 devices in the study but were still keen to recruit more contributors.

“We combined Device Analyzer data with information we collected on critical vulnerabilities affecting Android,” said Beresford. “We used this to develop the FUM score which can be used to compare the security provided by different manufacturers. Each manufacturer is given a score out of 10 based on: f, the proportion of devices free from known critical vulnerabilities; u, the proportion of devices updated to the most recent version; and m, the mean number of vulnerabilities the manufacturer has not fixed on any device.”

The problem with the lack of updates to Android devices was, said Beresford, well known and recently Google and Samsung have committed to shipping security updates every month. “Our hope is that by quantifying the problem we can help people when choosing a device and that this in turn will provide an incentive for other manufacturers and operators to deliver updates,” stated Beresford.

Beresford went on to urge users to recognise that Google “has done a good job at mitigating many of the risks and we recommend users only install apps from Google’s Play Store since it performs additional safety checks on apps. Unfortunately Google can only do so much, and recent Android security problems have shown that this is not enough to protect users. Devices require updates from manufacturers, and the majority of devices aren’t getting them.”

Picture: A joint study by Google and a team from the University of Cambridge has found serious weaknesses in many Android devices

Article written by Robin Snow | Published 22 October 2015


Related Articles

Interserve Fined £4.4m for Failure to Keep Staff Details Secure

The UK’s IT security watchdog has fined Interserve for breaching data protection law and failing to prevent a cyber attack. The Information Commissioner’s...

 Read Full Article
NHS IT Services Supplier Victim of Ransomware Attack

It has been confirmed that a ransomware attack is causing a major outage for NHS IT systems. Services affected include software used by NHS 111 and other patient notes...

 Read Full Article
Smart Buildings at Increased Risk of Cyber Attacks, Says Verdantix

The operational technology that powers connected devices across building systems is providing more entry points for cyber criminals to exploit, says research and advisory...

 Read Full Article
ISS Now Recovered from 2020 Malware Incident

The effects of the ISS IT security incident have been resolved with all related costs fully recognised and with the majority paid in 2020, according to the...

 Read Full Article
Cybersecurity – Are Smart Buildings and its Data Vulnerable to Malware Attacks?

As more and more of a building’s functions are automated and controlled via smart technology systems, has cybersecurity been an afterthought? In 2020, Boris...

 Read Full Article
Working Securely Online – Cyber Hygiene

With more people working on the internet outside of monitored business networks, the risks of compromising company and personal data are increased. Concentration is...

 Read Full Article
ISS Update On The Impact Of Malware Crisis 

In an official company announcement, ISS World has today confirmed that they have regained control of “the vast majority” of their IT infrastructure. This...

 Read Full Article
What Can The FM Sector Learn From The ISS Malware Attack?

After breaking the news of the ISS World malware crisis, ThisWeekinFM speaks to the industry experts, to identify how FM companies can better manage cybercrime...

 Read Full Article
More Global FM Firms Hit By Cyber Attacks

EMCOR Group and Bouyges are the latest FM companies targeted by malicious software attacks.  The website of EMCOR Group, the global providers of facility...

 Read Full Article
123456 - 23.2 Million Cyber Victims Used This Password

The most hacked passwords have been revealed as a UK cyber survey exposes gaps in online security with global breach analysis finding 23.2 million victims used 123456 as...

 Read Full Article