Information Security News mailing list archives
DARPA-Funded Service Seeks Flaws In Smartphones
From: InfoSec News <alerts () infosecnews org>
Date: Tue, 24 Jul 2012 04:03:16 -0500 (CDT)
http://www.darkreading.com/security-services/167801101/security/security-management/240004217/darpa-funded-service-seeks-flaws-in-smartphones.html By Robert Lemos Contributing Writer Dark Reading July 24, 2012Beset by malware and malicious attackers, developers in the personal-computer world have found ways to reduce the time between the release of a patch and the installation of the fix on vulnerable systems.
With Android smartphones and tablets, however, long delays between the release of a fix and the installation of the patch regularly leave devices open to attack. About two-third of all Android smartphones, for example, are using Android version 2.3, codenamed "Gingerbread," a major update released more than a year and a half ago, according to the Android developers' dashboard. Since then, two major revisions -- not including the tablet-focused "Honeycomb" -- have been released to add features and fix security issues.
Companies and consumers need a way to get smartphone manufacturers and wireless carriers to fix and deploy security issues faster, says Jon Oberheide, chief technology officer for start-up Duo Security. For businesses, the situation is particularly worrisome as most firm have had to deal with workers bringing a host of mobile devices inside the corporate firewall.
"It's not like patches for the vulnerabilities don't exist," Oberheide says. "In many cases, they've been around for 6 months to a year, but they just have not been rolled out."
[...] -- Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online. Come to a free class and see how good and fun the program really is. http://www.expandingsecurity.com/PainPill
Current thread:
- DARPA-Funded Service Seeks Flaws In Smartphones InfoSec News (Jul 24)