Lack of security patching leaves mobile users exposed
An analysis of the patch updates among the five leading wireless carriers in the United States found that 71 percent of mobile devices still run on security patches more than two months old. Six percent of devices run patches that are six or more months old. Without the most updated patches, these devices are susceptible to myriad of attacks, including rapidly rising network attacks and new malware, also detailed in the report.
In tech city centers, Boston topped a list of tech cities with the largest growth in network incidents with a more than 960 percent increase. Skycure also found that common malware grew by more than 500% from the first quarter to the fourth quarter of 2016.
Wireless carriers and vulnerabilities
A huge number of Android vulnerabilities were identified in 2016, rising to more than four times the number in 2015. Almost half of those vulnerabilities allowed excessive privileges, while others allowed other bad effects, like leakage of information, corrupted memory, or arbitrary code execution.
Because carriers must make Android patches available to their users before they can patch their devices, Skycure analyzed devices on AT&T, MetroPCS, Sprint, T-Mobile, and Verizon to determine the age distribution of security patches on the leading carriers.
- The most recent security patch released by Google has only been adopted by a very small percentage of the devices. Skycure reported that AT&T users were up to ten times more likely to have this latest patch installed.
- Among the five major US carriers, MetroPCS had the highest percentage of devices with patches more than three months old, making their devices the most susceptible to attack.
- Among all the major carriers, more than one-third of devices had patches more than three months old. Google releases Android security patches every month, meaning these devices are at least three patches behind, exposing vulnerabilities on these devices ripe for hackers.
Increase in network incidents
Skycure also tracked trends in network incidents over 2016. To highlight the rise in risk of network attack for mobile devices, researchers analyzed network incidents in the major technology centers of the US over the course of the year. They found:
- The volume of incidents rose dramatically from the first quarter to the fourth quarter of 2016, ending Q4 with more than three times the number of incidents of Q1.
- Boston had the greatest increase in incidents throughout the year, reaching nearly 11 times the number of incidents from the first to fourth quarter, followed by Chicago, Raleigh-Durham, and Washington DC.