New-found Android vulnerability weakens encryption in 57% of handsets
NEW DELHI: Gal Beniamini, a leading security expert and a member of Qualcomm’s Product Security Hall of Fame, has reportedly advised customers to buy only Nexus or Samsung devices. This is because nearly 57% of smartphones in the Android ecosystem have not yet received the monthly security patch released in May, which fixes a security vulnerability affecting the devices and users' privacy. The vulnerability found by Beniamini affects full disk encryption on the devices.
By exploiting the CVE-2016-2431 vulnerability, attackers can move through the levels of trust and privilege, which enables them to access encrypted content on smartphones. Even though Google addressed the issue in the May security update, OEMs other than Google and Samsung have not been able to release timely updates for their devices.
Almost 75% of the Galaxy S6 and Nexus smartphones have been patched, which is significant because of a large user base of 5,00,000 phones. The Galaxy S5, meanwhile, has also climbed to 45% from the previous 0.2% in January.
During testing of a wide range of smartphones by Duo Labs, only Nexus and Samsung Galaxy devices demonstrated substantially enhanced security measures compared with competing devices. Hence, researchers like Beniamini are unable to recommend brands other than Nexus and the latest Samsung Galaxy devices from a security perspective.
While researchers recommended Nexus devices without any significant reservations, Samsung devices have also been getting regular security updates of late and can be trusted. That being said, Duo Labs has suggested that users approach manufacturers to request the release of patches, which is not feasible. By default, manufacturers should monitor the security situation themselves and release regular updates.
Source | EconomicsTimes