Announcement of 13. May 2016

Mobile devices and security risks – why a change in thinking is needed

Security-related updates for smartphones and tablets need to get to users in good time.

How do smartphone manufacturers decide whether and when to close vulnerabilities in their mobile devices? The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) in the USA are asking various manufacturers of mobile devices these and other questions and are demanding clarification. This enquiry shows that the protection of mobile devices against cyber crime is of growing importance. G DATA has also already drawn attention to this problem numerous times.

New high-end smartphones on a yearly basis

Many smartphone manufacturers launch a new high-end model every year. In addition, there is a wealth of mid-range and low-budget devices. When users purchase them, it is not clear whether and for how long a smartphone or tablet will be provided with important security updates. When providing security-related updates, there are too many variables overall, such as providers having to adapt security updates to their Android version. This leads to delays in delivering system updates to users.

Google regularly publishes updates

As the developer of the Android operating system, Google is setting a good example and, as with Microsoft and its scheduled patch days, has a set monthly cycle for publishing security updates. However, it can sometimes take weeks or months for these updates to reach the majority of users. This has serious implications for the security of the devices. Critical vulnerabilities remain unclosed for a considerable period of time and can be exploited by attackers.

Unnecessary security risk for users

This represents an unnecessary security risk for users, especially when considering the important role that smartphones and tablets play in everyday private and working life. According to a study by ING-DiBa, 47 percent of smartphone or tablet owners carry out banking transactions on a mobile device. Comprehensive security is especially important for online banking and shopping. But companies also have an interest in ensuring that smartphones and tablets that are used for business always get the latest security updates. An open security hole that attackers can exploit can lead to enormous commercial damage.

A change in thinking is needed

It is important for manufacturers and operating system developers to collaborate even more closely. Processes and procedures must be defined to quickly deliver updates to all smartphone owners. Cyber criminals have long been targeting mobile devices and are using ever more mature malware. The swift deployment of security-related updates is therefore in the interests of developers, manufacturers and, above all, users.

About Tim Berghoff

Tim Berghoff is Security Evangelist at G DATA Software AG. In his position he forms the link between technical complexity and the user. He is responsible for the clear communication of G DATA towards the security community, press, distributors, resellers and end users and often speaks at international security conferences.

Media:

Announcement of 13. May 2016

G DATA Software AG
G DATA Campus
Königsallee 178
D-44799 Bochum

Phone: +49 234 9762-239
E-Mail: presse@remove-this.gdata.de

Kathrin Beckert-Plewka
Public Relations Manager

Contact

Kathrin Beckert-Plewka

Phone: +49 234 9762-507
kathrin.beckert@remove-this.gdata.de

Vera Haake
Spokesperson for event & location communication

Contact

Vera Haake

Phone: +49 234 9762-376
vera.haake@remove-this.gdata.de

Stefan Karpenstein
Public Relations Manager

Contact

Stefan Karpenstein

Phone: +49 234 9762 - 517
stefan.karpenstein@remove-this.gdata.de