
FBI, DHS Worried About Android Vulnerabilities

Android is currently the most popular mobile operating system in the world. Statistics show that more than 100 million people worldwide use some version of Android on their smartphone or tablet. The use of Android, however, has the Federal Bureau of Investigation and the Department of Homeland Security worried, as the platform is vulnerable to security threats.


Both the DHS and FBI are concerned about the threats that law enforcement personnel at the federal, state, and local levels face when using an older version of Android. A roll call release marked as unclassified but for official use only states that “Android is the world’s most widely used mobile operating system (OS) and continues to be a primary target for malware attacks due to its market share and open source architecture. Industry reporting indicates 44 percent of Android users are still using versions 2.3.3 through 2.3.7-known as Gingerbread-which were released in 2011 and have a number of security vulnerabilities that were fixed in later versions.”

Different versions of Android are in use right now because when Google makes a new release, manufacturers and carriers cannot adopt it immediately. Various tests have to be run to check whether the new version of the OS is compatible with a particular smartphone, which delays the upgrade schedule. Sometimes devices don’t get upgraded at all. The only exception to this is Google Play devices (such as Nexus models), which get all the latest updates.

The highlights of the report are as follows:

  • Of the malware threats to mobile operating systems in 2012, Android had 79% and Symbian had 19%. Windows Mobile, BlackBerry, and iOS had less than 1%.
  • Nearly half of all malicious applications circulating in older versions of Android are SMS Trojans.
  • Rootkits pose a serious threat to the Android platform. In 2011 alone, millions of devices were found to have the CarrierIQ rootkit. Rootkits can go undetected and can log usernames and passwords.
  • There is a proliferation of fake Google Play sites created by cybercriminals that trick users into downloading what seem to be legitimate apps but are in reality fake and malicious.

via publicintelligence
