The Strategist

Fragmentation of Android-Devices Market Makes Their Security Stronger

04/05/2016 - 18:02

Mass exploitation of dangerous vulnerabilities in Android-based devices is greatly complicated by the market’s fragmentation.
According to Square’s expert Dino Dai Zovi, fragmentation of the Android device market makes life hard for cybercriminals and plays into the hands of owners of Android gadgets running an outdated or unpatched OS. Dai Zovi stated this point of view during his speech at the Black Hat Asia conference, reports the Internet portal The Register.

According to Google’s official data, about 30% of Android devices run OS version 4.4 (KitKat), released in 2013. The same number run version 5 (Lollipop), released two years ago. Older versions of the operating system do not receive security updates, even for critical vulnerabilities. Newer versions are also not updated in time, since releasing patches is the responsibility of the manufacturers. A significant number of companies release updates with a delay, or refuse to release them at all.

According to Dai Zovi, this fragmentation of the Android device market only enhances security, as it makes exploitation of dangerous vulnerabilities much more complicated. Take, for example, Stagefright. Developing exploits that work across the variety of Android platforms would be quite expensive.

Cybercriminals are hardly interested in spending funds on the creation of such malware, Dai Zovi says.
"This ecosystem makes exploitation [of the vulnerabilities] more complicated because of the need to develop an exploit for each individual device. Android security features, such as verification of applications and programs in Google Play, make the ecosystem more safe," said the expert.

Recall that in March this year experts warned about a new exploit for a vulnerability in a component of the Android mobile operating system kernel called Stagefright. According to specialists at North-Bit, the new method makes it possible to circumvent Android’s protection. A single visit to a website controlled by the attackers can compromise the entire system.