Here's Why Android's Shoddy Update Solution Should Be Giving You NIghtmares


Do you have an Android smartphone? Quick, go check when it last received a security update. Before July this year? Then your phone is open to an apparently easy hack which could potentially take control of your device's network controller and seriously compromise security.

The worst part? There's just about nothing you can do to stop it happening.

The attack has been dubbed Broadpwn, as it utilises weaknesses in the Broadcomm Wi-Fi controller to take control of the network stack on your phone. It uses a Wi-Fi broadcast connection request to overwrite the chips firmware. The rewritten firmware creates its own infection point for other vulnerable phones.

In the current climate were this hack to see use in the wild it would spread harder and faster than any other virus known to man.

Why is that July 17 date important? That's when Google issued a security patch for the weakness. Of course this being Android you can pretty much guarantee the patch hasn't been applied to any Android phones at all, statistically speaking.

It's not as if buying a premium device gets you the updates any sooner either. My Xperia XZ last received a security update in November 2016.

In contrast, Apple released a patch last week. In that time I expect more iOS users will have gained protection from the weakness than Android users ever will.

The problems with Android's disastrous update situation dwarfs any criticism which has been aimed at Windows in the past. Google has mixed together the ingredients for a perfect storm of a hack attack, taking out smartphones, mobile networks and who knows what else thanks to a woefully implemented update situation.

Your next smartphone should be an iPhone or perhaps a Google Pixel. Anything else is just too damn risky.

0 comments: