The Register®

Original URL: http://www.theregister.co.uk/2012/09/14/duo_says_android_security_nightmare/

'Over half' of Android devices have unpatched holes

Fix is up to your carrier, Google, mobo maker - just about everyone

By Richard Chirgwin

Posted in Security, 14th September 2012 02:12 GMT


Duo Security is claiming that “over half” of Android devices have unpatched vulnerabilities.

The company’s Jon Oberheide says in this blog post [1] that the results come from the first slew of users of the company’s X-Ray Android vulnerability scanner.

Promising to announce detailed results on Friday (September 14) at the Rapid7 United Summit conference in San Francisco, Oberheide says the results come from X-Ray scans of more than 20,000 users of the software – the sample base from which Duo draws its “50 percent” claim.

The vulnerabilities X-Ray tests for include a bug in ASHMEM that allows devices to be rooted; Exploid, in which Android’s init daemon forgets to confirm that Netlink messages are coming from the trusted kernel; Gingerbreak, which exploits the same Netlink issue but uses the volume manager as its vector; the Levitator privilege escalation bug; along with the Mempodroid, Wunderbar, ZergRush and Zimperlich bugs.
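The missing check behind the Exploid and Gingerbreak class of bug, sketched as an added example (not code from the article, Duo Security or Android): a netlink listener should only act on datagrams whose source address and credentials show they came from the kernel. The function and enum names are hypothetical, and the sample addresses are constructed.

```c
/* Added example: sender validation for a netlink uevent listener (illustrative names). */
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <linux/netlink.h>

enum nl_verdict {
    NL_ACCEPT = 0,
    NL_REJECT_FAMILY,     /* source address is not a netlink address */
    NL_REJECT_USERSPACE,  /* nl_pid != 0: sent by a process, not the kernel */
    NL_REJECT_UNICAST,    /* kernel uevents arrive as multicast */
    NL_REJECT_NO_CRED,    /* no SCM_CREDENTIALS attached to the datagram */
    NL_REJECT_UID         /* credentials present but sender is not uid 0 */
};

/* snl/len: source address returned by recvmsg() in msg_name/msg_namelen.
 * have_cred/uid: sender uid taken from an SCM_CREDENTIALS control message
 * (the socket must have SO_PASSCRED enabled for one to be delivered). */
enum nl_verdict check_uevent_sender(const struct sockaddr_nl *snl, socklen_t len,
                                    int have_cred, uid_t uid)
{
    if (snl == NULL || len < sizeof(*snl) || snl->nl_family != AF_NETLINK)
        return NL_REJECT_FAMILY;
    if (snl->nl_pid != 0)
        return NL_REJECT_USERSPACE;
    if (snl->nl_groups == 0)
        return NL_REJECT_UNICAST;
    if (!have_cred)
        return NL_REJECT_NO_CRED;
    if (uid != 0)
        return NL_REJECT_UID;
    return NL_ACCEPT;
}

/* Build a constructed source address and run the check on it. */
enum nl_verdict verdict_for(unsigned pid, unsigned groups, int have_cred, uid_t uid)
{
    struct sockaddr_nl snl = {0};
    snl.nl_family = AF_NETLINK;
    snl.nl_pid = pid;
    snl.nl_groups = groups;
    return check_uevent_sender(&snl, sizeof(snl), have_cred, uid);
}

int main(void)
{
    /* Constructed cases: kernel multicast, then a local process with pid 4242. */
    printf("kernel uevent:   %d\n", verdict_for(0, 1, 1, 0));
    printf("userspace spoof: %d\n", verdict_for(4242, 0, 1, 10001));
    return 0;
}
```

A daemon would call the check on every `recvmsg()` result and drop anything that does not return `NL_ACCEPT` before parsing the payload.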

Android patching is a pain in the neck, involving as it does the complex ecosystem of Google, device makers and carriers. The easiest way to get an up-to-date version of Android is to buy a new device.

Alternatively, we could just wait until Android is sued off the face of the planet and replaced by a new Google operating system. ®