The mobile

Pro

Android phones fill the list of smartphones that are left vulnerable because of infrequent software upgrades, Bit9 researchers report.

A list of 12 smartphones that pose the highest security and privacy risks to consumers and corporations was released by a maker of security software.

The phones, all Android models, on the ‘Dirty Dozen’ list compiled by Bit9 of Waltham, Massachusetts are:

• Samsung Galaxy Mini
• HTC Desire
• Sony Ericsson Xperia X10
• HTC Wildfire
• Samsung Epic 4G
• LG Optimus S
• Samsung Galaxy S
• Motorola Droid X
• LG Optimus One
• Motorola Droid 2
• HTC Evo 4G

In compiling the list, Bit9 researchers looked at three things: the market share of the smartphone, what out of date and insecure software the model had running on it and how long it took for the phone to receive updates.

In gathering information for the study, the researchers were astonished by the state of the Android ecosystem. "What was surprising for us was really the extent of the chaos and the fragmentation that exists in the Android ecosystem itself, and the way that the Android smartphones are distributed and more importantly, the way that security updates are done," said Bit9 CTO Harry Sverdlove.

The researchers found that 56% of Android phones in the marketplace today are running out of date and insecure versions of the operating system. Buying a new phone does not skirt that problem, either. In some cases, the researchers discovered, phones contained software as much as 300 days old out of the box.

"If there are vulnerabilities and you’re sitting on a phone that has not been updated for six months, that’s an eternity for a hacker," Sverdlove declares. "All that time, you’re that much more at risk of being infected, of having your personal information stolen, of becoming a victim to some sort of malicious activity."

Vulnerabilities are not what make the Dirty Dozen so dirty, Sverdlove notes. "There are vulnerabilities in all software," he says. "Apple and its iOS has as many vulnerabilities in terms of what’s been reported as does Android."

"The challenge is not so much to create perfect software, but to know the vulnerabilities and, more importantly, to be able to update the software, to be able to respond to them quickly," he adds.

An advantage that Apple has over Android is that it can push updates to its software to all its smartphones simultaneously, he says. With Android, on the other hand, the manufacturers and carriers are responsible for pushing out updates.

"There’s too many cooks in the kitchen," he says. "It’s like buying a PC from Dell and expecting Dell and Comcast to be responsible for your Windows updates."

Sverdlove argued that all the players in the Android universe have to start thinking of smartphones as computers and not handsets. "There has to be some changes made to the ecosystem itself," he adds. "The manufacturers and carriers have to start relinquishing control of the operating system to the software vendors."

IDG News Service