Security-related updates for smartphones and tablets need to get to users in good time.
How do smartphone manufacturers decide whether and when to close vulnerabilities in their mobile devices? The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) in the USA are asking various manufacturers of mobile devices these and other questions and are demanding clarification. This enquiry shows that the protection of mobile devices against cyber crime is of growing importance. G DATA has also already drawn attention to this problem numerous times.
Many smartphone manufacturers launch a new high-end model every year. In addition, there is a wealth of mid-range and low-budget devices. When users purchase them, it is not clear whether and for how long a smartphone or tablet will be provided with important security updates. When providing security-related updates, there are too many variables overall, such as providers having to adapt security updates to their Android version. This leads to delays in delivering system updates to users.
As the developer of the Android operating system, Google is setting a good example and, as with Microsoft and its scheduled patch days, has a set monthly cycle for publishing security updates. However, it can sometimes take weeks or months for these updates to reach the majority of users. This has serious implications for the security of the devices. Critical vulnerabilities remain unclosed for a considerable period of time and can be exploited by attackers.
This represents an unnecessary security risk for users, especially when considering the important role that smartphones and tablets play in everyday private and working life. According to a study by ING-DiBa, 47 percent of smartphone or tablet owners carry out banking transactions on a mobile device. Comprehensive security is especially important for online banking and shopping. But companies also have an interest in ensuring that smartphones and tablets that are used for business always get the latest security updates. An open security hole that attackers can exploit can lead to enormous commercial damage.
It is important for manufacturers and operating system developers to collaborate even more closely. Processes and procedures must be defined to quickly deliver updates to all smartphone owners. Cyber criminals have long been targeting mobile devices and are using ever more mature malware. The swift deployment of security-related updates is therefore in the interests of developers, manufacturers and, above all, users.
Tim Berghoff is Security Evangelist at G DATA Software AG. In his position he forms the link between technical complexity and the user. He is responsible for the clear communication of G DATA towards the security community, press, distributors, resellers and end users and often speaks at international security conferences.