DARPA-Funded Service Seeks Flaws In Smartphones

[InfoSec News <alerts () infosecnews org>]

http://www.darkreading.com/security-services/167801101/security/security-management/240004217/darpa-funded-service-seeks-flaws-in-smartphones.html

By Robert Lemos
Contributing Writer
Dark Reading
July 24, 2012

Beset by malware and malicious attackers, developers in the 
personal-computer world have found ways to reduce the time between the 
release of a patch and the installation of the fix on vulnerable 
systems.

With Android smartphones and tablets, however, long delays between the 
release of a fix and the installation of the patch regularly leave 
devices open to attack. About two-third of all Android smartphones, for 
example, are using Android version 2.3, codenamed "Gingerbread," a major 
update released more than a year and a half ago, according to the 
Android developers' dashboard. Since then, two major revisions -- not 
including the tablet-focused "Honeycomb" -- have been released to add 
features and fix security issues.

Companies and consumers need a way to get smartphone manufacturers and 
wireless carriers to fix and deploy security issues faster, says Jon 
Oberheide, chief technology officer for start-up Duo Security. For 
businesses, the situation is particularly worrisome as most firm have 
had to deal with workers bringing a host of mobile devices inside the 
corporate firewall.

"It's not like patches for the vulnerabilities don't exist," Oberheide 
says. "In many cases, they've been around for 6 months to a year, but 
they just have not been rolled out."

[...]


--
Learn how to be a Pen Tester, CISSP, ISSMP, or ISSAP with Expanding Security online.
Come to a free class and see how good and fun the program really is.
http://www.expandingsecurity.com/PainPill