1. timmy t's Avatar
    Good news for BlackBerry

    ACLU takes wireless carriers to task for poor Android security

    ACLU takes wireless carriers to task for poor Android security - Network World

    The American Civil Liberties Union has called on wireless carriers to either take responsibility for Android security on the mobile devices they sell or let Google handle updates to protect the millions of people using the operating system.

    Christopher Soghoian, principal technologist for the ACLU, also urged federal legislators to pressure carriers into reversing their dismal handling of Android security. Soghoian made his remarks on Monday at the Kaspersky Lab Security Analyst Summit in San Juan, Puerto Rico.

    "If they want to control the software that runs on the device, then they need to take responsibility for the software that runs on the device," Soghoian told CSO Online. "If they don't want that responsibility, they need to give the control to someone else."

    "Right now, we have the worst of both worlds," he said. "Where the carriers get the control and don't take the responsibility."

    Wireless carriers did not respond to requests for comment.

    Because of the carriers, millions of Android users are currently using older versions of the operating system with known vulnerabilities that can be exploited by cybercriminals, Soghoian argues. In many cases, Android users are running versions of the OS that is two generations old.

    The lack of a consistent mechanism for pushing Android security updates to all users regularly has been a problem for years. Google provides a baseline implementation of the OS through the Android Open Source Project, and lets carriers and their hardware device partners add whatever features they wish.

    As a result, thousands of versions of Android are in use, making it impossible under the current conditions to secure all of them through one update.

    Lawrence Pingree, an analyst for Gartner, said, "It is very unlikely that Google has the resources required or the wherewithal to offer significant support for all the flavors of Android deployed in the world and since the OS is open-source, it likely has no obligation to do so."

    The ACLU has chosen to raise the issue at a time when recent cyberattacks from China have made front-page news. Last week, The New York Times and The Wall Street Journal reported that Chinese hackers broke into their computer systems.

    Also, Twitter reported that "extremely sophisticated" hackers stole the user names and passwords for a quarter million users.

    With so many high-profile security breaches, Washington lawmakers are more likely to become receptive to putting in place regulations for mobile phone security, Soghoian said.

    "The position that the wireless carriers are in right now, to be honest, is indefensible," he said. "The only reason they've been able to get away with this as long as they have is because the average consumer, and many policymakers, just didn't know that this was happening."

    Coming up with a practical solution will be difficult, experts say. With Android, Google provides carriers with a business model much different than that of rival Apple, which controls all the software on the iPhone and iPad.

    With Android, carriers and manufacturers work together to compete for customers based on the features built into the devices. "A key benefit of Android and their handset base is the ability of the carrier to provide a product to their market rather than receive the Apple experience where you get what you get," said Glenn Chisholm, chief security officer for Cylance.

    Theoretically, Google could revise its agreements with carriers to require that security updates get pushed out within a specified time. However, Google has shown no interest in taking such steps.

    "Honestly, based on current practice, I cannot find a good solution," said Xuxian Jiang, assistant professor for computer science at North Carolina State University.

    Meanwhile, the number of Android malware is growing substantially faster than any other Web-delivered malicious app, according to Cisco's recent 2013 Annual Security Report.

    In addition, cybercriminals appear to be building better tools for attacking the OS. The first documented Android botnet was discovered in the wild in 2012, Cisco said.
    02-05-13 04:28 PM
  2. Shanerredflag's Avatar
    Wow...that is good timing.
    02-05-13 04:33 PM
  3. darkehawke's Avatar
    Only for enterprise.
    The general consumer does not give a monkey's toupee about security until they themselves are breached.
    and that happens very few times on Android since i have seen no outcry yet
    02-05-13 04:34 PM
  4. calicocat2010's Avatar
    Only for enterprise.
    The general consumer does not give a monkey's toupee about security until they themselves are breached.
    and that happens very few times on Android since i have seen no outcry yet
    That's a shame. Oh well, they will be sorry later.
    02-05-13 04:43 PM
  5. Bold_until_Hybrid_Comes's Avatar
    perfect timing. Nothing new really though!
    02-05-13 04:48 PM
  6. darkehawke's Avatar
    That's a shame. Oh well, they will be sorry later.
    typical of modern life, live free and worry about consequences later.
    its how we got in the recession
    ctuffy and pcguy514 like this.
    02-05-13 04:59 PM
  7. independentvolume's Avatar
    Android is about to get hit hard with cybercrime, as is apple. There's a reason why PCs have way more viruses, malware, ECT.. Its because there's numbers.
    02-05-13 09:13 PM
  8. kfh227's Avatar
    Can't wait for BYOD to end ...but it won't. People will be told to get a Z10 or Q10.
    02-05-13 09:54 PM
  9. Emu the Foo's Avatar
    This is awesomely magnificent on many many levels
    02-06-13 03:01 AM
  10. Dapper37's Avatar
    Samsung wants people to believe they sell a business class device. *sigh*
    pcguy514 likes this.
    02-06-13 03:33 AM
  11. sigint99's Avatar
    Android is about to get hit hard with cybercrime, as is apple. There's a reason why PCs have way more viruses, malware, ECT.. Its because there's numbers.
    Not all PCs are running insecure operating systems like Windows so it's incorrect to say that PCs have "way more viruses". It all comes down to which OS the end-user is running and how it's been configured. Alternative PC operating systems such as GNU/Linux or FreeBSD are more hardened and resistant to malware attacks/exploits.
    jakie55 likes this.
    02-07-13 01:11 AM

Similar Threads

  1. Having both speed dial and application shortcuts at the same time
    By SoBold in forum BlackBerry Bold Series
    Replies: 0
    Last Post: 09-30-12, 06:17 PM
  2. Having IM conversation with more than one person at the same time
    By mzukin in forum General BlackBerry News, Discussion & Rumors
    Replies: 6
    Last Post: 05-20-10, 09:48 PM
  3. Need my phone to virbrate and ring at the same time...
    By xmarkyg313x in forum BlackBerry Pearl Series
    Replies: 10
    Last Post: 11-16-07, 10:18 AM
  4. Is a there a way to set my BB to vibrate and ring at the same time?
    By rickberry in forum BlackBerry Pearl Series
    Replies: 1
    Last Post: 09-01-07, 03:05 PM
  5. Could RIM have Handled the Outage Better?
    By CrackBerry Kevin in forum General BlackBerry News, Discussion & Rumors
    Replies: 3
    Last Post: 04-18-07, 01:29 PM
LINK TO POST COPIED TO CLIPBOARD