1. Buzz_Dengue's Avatar
    The 12 Most Vulnerable Smartphones

    Nov 21, 2011 8:42 AM EST
    By Sara Yin


    How vulnerable is your smartphone to malware attacks? Android is by far the most targeted mobile operating system, but some popular Android phones made by Samsung, HTC, and Motorola, fare a lot worse than others.
    Bit9, an enterprise-oriented security vendor, ranked the 12 most vulnerable cell phones (the "dirty dozen") based on how dated its software is out of the box. Android fragmentation is well documented, but your average cell phone user probably doesn't care if he or she's on Android 2.3 or Android 2.3.7. Functionally, the versions are similar.
    However security-wise, it matters. A lot. For instance if a malicious app breaches an older version of Android, Google patches the vulnerability and releases an incremental update so that app can never exploit your phone again. Then it's up to the cell phone operator to send your phone that update.
    The timing of when you get these updates depends upon your cell phone operator and cell phone manufacturer, rather than Google, which is fundamentally different from how PC security is distributed (it would be akin to buying a PC from Dell and relying on Dell to coordinate with your home Internet provider, instead of Microsoft, to update your Windows software).
    Unfortunately, not every Android phone gets updated to the latest version at the same time; pundits say carriers have no economic incentive to send updates to old or unpopular phones.
    As a result, according to Google, 56 percent of Android smartphones are stuck on the 18-month old Android 2.3 Froyo, or older versions.
    "We need to put pressure on the carriers. Why are they alone responsible for updating your security?" Harry Sverdlove, CTO of Bit9, told PCMag.

    Honorable Mention: Apple iPhone 4
    Apple's iOS is less fragmented because Apple retains full control over when it releases its software update. But fragmentation still exists, because newer versions of iOS either don't work or perform uber slowly on models that are over two years old. Other iPhone owners are simply turned off by slow download speeds or excessively large files. Lookout Mobile recently discovered that 30 percent of iPhone users don't download the latest version of iOS when it comes out, and therefore miss out on time-sensitive iOS patches.
    As a result, Bit9 gave iPhone 4 an honorable mention.

    Bit9's "dirty dozen":
    1. Samsung Galaxy Mini (T-Mobile)
    2. HTC Desire (U.S. Cellular)
    3. Sony Ericsson Xperia X10 (AT&T)
    4. Sanyo Zio (Sprint, Cricket Wireless)
    5. HTC Wildfire (T-Mobile)
    6. Samsung Epic 4G
    7. LG Optimus S (Sprint)
    8. Samsung Galaxy S (T-Mobile)
    9. Motorola Droid X
    10. LG Optimus One
    11. Motorola Droid 2
    12. HTC Evo 4G

    BYOD (Bring Your Own Device), but not an Android!
    Bit9's findings may be preaching to the choir here, but its study is really aimed towards business workers who are ditching their BlackBerries for other popular operating systems - in droves. This week, one study claimed iPhone has surpassed BlackBerry as the most popular smartphone used in the office. But Bit9 and PCMag's networking analyst Samara Lynn still believe BlackBerry is "tops for IT," because it uses an enterprise server that gives companies full control over issuing updates.
    As mobile malware matures, the targets will inevitably grow bigger and more lucrative.
    "We're going to see more and more corporate attacks on smartphones, more spear phishing, more targeted email attacks. Given the landscape, it's a ripe field that's growing faster than the security itself," said Sverdlove.


    The 12 Most Vulnerable Smartphones
    11-21-11 08:17 AM
  2. guerllamo7's Avatar
    The iPhone is clearly in the running for this contest:
    IPhone Security Issues: Apple Vows To Patch 'Critical' Software Flaw

    iPhone Security Bug Lets Innocent-Looking Apps Go Bad - Forbes
    The iP4s is one or tops two seconds faster for web browsing than the Bold 9930. In exchange for that I say keep the second and the malware.

    But BlackBerry users already knew this. That is one reason we have BlackBerry devices.
    11-21-11 08:37 AM
  3. Rickroller's Avatar
    The 12 Most Vulnerable Smartphones
    “We’re going to see more and more corporate attacks on smartphones, more spear phishing, more targeted email attacks. Given the landscape, it’s a ripe field that’s growing faster than the security itself,” said Sverdlove.
    Corporate attacks on cellphones..ooook.



    Funny we keep hearing these "fear mongering" security companies preaching, and yet have yet to hear anything real world of corporate data theft.

    Perhaps instead of concentrating on stealing other companies' ideas, these companies should focus on their own business hmmmm..
    11-21-11 09:01 AM
  4. belfastdispatcher's Avatar
    Corporate attacks on cellphones..ooook.

    Funny we keep hearing these "fear mongering" security companies preaching, and yet have yet to hear anything real world of corporate data theft.

    Perhaps instead of concentrating on stealing other companies' ideas, these companies should focus on their own business hmmmm..

    Lol, are you serious? Like they're gonna admit it happened. How long did it take Sony to admit they were hacked?

    It's bad publicity, they will brush it under the carpet. How often do you hear about industrial espionage? You can be sure it happens.
    the_sleuth likes this.
    11-21-11 09:07 AM
  5. Rootbrian's Avatar
    Article doesn't say blackberry is vulnerable. lol

    Posted from my CrackBerry at wapforums.crackberry.com
    11-21-11 09:29 AM
  6. Phil DeLong's Avatar
    How is this news? Android is most vulnerable, BlackBerry is least, and iOS falls somewhere in between; we've all known this for quite a while now.
    11-21-11 09:35 AM
  7. Rickroller's Avatar
    Lol, are you serious? Like they're gonna admit it happened. How long did it take Sony to admit they were hacked?

    It's bad publicity, they will brush it under the carpet. How often do you hear about industrial espionage? You can be sure it happens.
    I'll be sure to take your word
    11-21-11 09:36 AM
  8. mod9's Avatar
    Sad that BB fans have to find such stories to console themselves, worse still is that these are things that have been known for a while.


    I am still waiting for my ultimate communication tool- a QNX BB Bold 9900 successor. I hope that it will be a brilliant device cause I am prepared to wait till 2013.
    11-21-11 09:38 AM
  9. mjs416's Avatar
    I'll be sure to take your word
    So because you've never heard of it happening - it never happens? Did you know the Earth is flat too?
    11-21-11 09:46 AM
  10. belfastdispatcher's Avatar
    I'll be sure to take your word
    I have friends that work as private investigators, following people. 50% of their work is people selling their company's intellectual property before leaving the company or bringing it with them to their new company. The rest is insurance or benefits fraud.

    Posted from my CrackBerry at wapforums.crackberry.com
    11-21-11 09:48 AM
  11. belfastdispatcher's Avatar
    By the way, there was a recent case of industrial espionage in Formula 1, I believe somebody went to jail for it.

    http://www.motorauthority.com/news/1027509_f1-men-found-guilty-of-industrial-espionage


    Posted from my CrackBerry at wapforums.crackberry.com
    11-21-11 09:49 AM
  12. hornlovah's Avatar
    Espionage has always been called "the world's second oldest profession."
    11-21-11 10:20 AM
  13. anthogag's Avatar
    The "business workers ditching BB in droves" are the ones in your office with too much time on their hands....a couple of games can blow an afternoon
    11-21-11 10:26 AM
  14. Superfly_FR's Avatar
    Well, people may continue to think that other devices are secure "enough" for their needs.
    I'm ready to see the damages of unmonitored BYOP campaigns in the very near future.
    Not that I'm glad of it, but maybe this will put some feet on the ground ...
    I stopped to spread my credo over BB security a while ago, when I realized that most users don't even put a password to their phones ... "innocent assassins".
    11-21-11 11:23 AM
  15. Rickroller's Avatar
    So because you've never heard of it happening - it never happens? Did you know the Earth is flat too?
    If a tree falls in the woods and nobody hears it, does it make a sound? We have proof the earth is in fact round. But nice analogy

    By the way, there was a recent case of industrial espionage in Formula 1, I believe somebody went to jail for it.

    F1 men found guilty of industrial espionage
    Bad link, but thanks for trying. Was this industrial espionage from cellphone hacking? My guess would be no. I'm still waiting for somebody to show me some concrete hacking tool that allows you to steal email info and credit cards #'s and passwords. The best i've found is called "bluesnarfing" and it can be done via BT on ANY phone that's left enabled.
    11-21-11 11:30 AM
  16. Rickroller's Avatar
    Like they're gonna admit it happened. How long did it take Sony to admit they were hacked?

    It's bad publicity, they will brush it under the carpet. How often do you hear about industrial espionage? You can be sure it happens.
    The point is we did hear about it, and we've miraculously heard of many other companies being hacked via computers, all the time. But somehow this cellphone hacking is secretly being swept under the carpet..along with the Loch Ness monster and BigFoot.
    11-21-11 11:35 AM
  17. Superfly_FR's Avatar
    The point is we did hear about it, and we've miraculously heard of many other companies being hacked via computers, all the time. But somehow this cellphone hacking is secretly being swept under the carpet..along with the Loch Ness monster and BigFoot.
    So far I know, it has not been done yet. I wonder if this has to be related with RIM being the standard for years.
    But last time I spent some time with a friend of mine whose nick could be "g1mme_some_2hack", he told me : "we're going to have a lot of fun, very, very soon".
    11-21-11 11:51 AM
  18. Superfly_FR's Avatar
    Bad link, but thanks for trying. Was this industrial espionage from cellphone hacking? My guess would be no. I'm still waiting for somebody to show me some concrete hacking tool that allows you to steal email info and credit cards #'s and passwords. The best i've found is called "bluesnarfing" and it can be done via BT on ANY phone that's left enabled.
    The link is good to me ... droid browsing ? (lol, free bash w/ )
    The point is that if this guy had sensitive infos on its BB controlled by BES, he couldn't transfer it to non authorized (I mean not being with the proper centralized credentials) person. If he had, say, a cloud enabled phone (sorry, I use iPhone for this particular example, but applies to others also) he could store them without control and even retrieve them on any machine that is able to access the cloud. This is open leaking ... and it is a huge part of security concerns for companies.
    11-21-11 11:58 AM
  19. mithrazor's Avatar
    If a tree falls in the woods and nobody hears it, does it make a sound?
    Lol you know that works against your argument right?
    11-21-11 01:07 PM
  20. hornlovah's Avatar
    I'm still waiting for somebody to show me some concrete hacking tool that allows you to steal email info and credit cards #'s and passwords.
    Hundreds of thousands of Android devices have been infected with malware capable of stealing the information described above. Several hundred thousand is a relatively small number, but the threat is very real. About 250,000 Android users were infected with DroidDream, which roots the device and steals IMEI, IMSI, user ID, product ID, provider, language, country etc. DroidDream also has the ability to download more code to the rooted device, so its potential for exploitation is not limited. DroidDreamlight infected about 120,000 mobile devices, and it is also capable of downloading new applications.

    DroidLive was discovered in the Android Market this month. It can send messages to premium text numbers, collect your personal information, make phone calls, etc. It is disguised as a Google library, and tries to install itself as a device administration app with privileges similar to your firmware. With that kind of access, your confidential information is "toast."
    11-21-11 02:20 PM
  21. world traveler and former ceo's Avatar
    The "business workers ditching BB in droves" are the ones in your office with too much time on their hands....a couple of games can blow an afternoon
    Very true!!! ... Like internet in the early days ... people doing personal stuff during company time!! . very true!!

    Posted from my CrackBerry at wapforums.crackberry.com
    11-21-11 07:03 PM
  22. Alt-F4's Avatar
    ....Smells like burnt troll in this thread.
    11-26-11 04:44 PM
  23. Rootbrian's Avatar
    ....Smells like burnt troll in this thread.
    Where's the bbq sauce? Because I want some of that cooked stuff! :P
    11-26-11 04:48 PM
  24. tack's Avatar
    This has been known for awhile. People not password protecting their phone is a much bigger issue by far, even with a BB. Windows PC's have been plagued with malware forever but they still dominated. I think this becomes a bigger issue as people put more and more information on their phones like banking, etc. People may wake to this eventually but I don't think this is selling many people on switching. RIM should put this stuff in their advertisements but I don't see them making it a strong part of their message outside of the enterprise.
    11-26-11 04:58 PM
  25. anthogag's Avatar
    Definitely work-from-home pr trolls in this thread....raked over the coals
    11-26-11 05:11 PM