Skip to main content

Global Ransomware Attack Should Have Google Quaking In Its Boots

Around 200,000 PCS running old or unpatched versions of Windows were caught in this week's ransomware meltdown, with global and very high profile consequences. Whilst many are trying to lay the blame at Microsoft's door that's both disingenuous and a demonstration of personal bias. 

Windows XP has been out of production for nearly a decade and out of extended support for more than three years. Microsoft patched the vulnerability in supported platforms months ago. Businesses still running XP or failing to apply Windows updates have only themselves to blame. 

However, imagine a scenario where half a billion devices were to be affected, locking users out of their phones, files and basic communication. 

That's the scenario Android faces as Google fails to resolve the problem of fragmentation and deliver a cohesive strategy for security updates across the Android estate. Less than 5% of Android users were on the latest version of the platform by the end of April. Nearly two-thirds were on a two year old version of Android.

And for customers this has the potential for a significantly larger downside. It's not hard to imagine a vulnerability which allows a hacker to robocall premium rate phone numbers, racking up a much bigger take than the current hack might gain.

So while the fallout from this particular attack has been enormous, the prospect of something similar happening on Android is a whole magnitude worse. And unlike Microsoft, which shoulders very little of the blame for this week's attack, Google would be skewered for the lack of support provided to Android users.

Right now Google can only hope it's older Android platforms are secure, because it has backed itself, its OEMs and carriers into a corner with its upgrade process. That isn't a good place to be.