A recently published paper by the Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) has outlined the security concerns the two government agencies have about the use of Android by emergency service personnel including the police and the fire department.
In an unclassified report, marked as “for official use only” the Office of Intelligence and Analysis, Cyber Intelligence Analysis Division along with the National Protection and Programs Directorate, US Computer Emergency Readiness Team recognizes Android as the “world’s most widely used mobile operating system” and points out that it popularity makes it a primary target for malware attacks.
Of particular worry to the report authors, who coordinated their work with the FBI, is the fact that one third of Android phones still use Android 2.3.3 through 2.3.7. The report actually says 40%, but I will let that slide for the moment. Unfortunately all these versions have known security weaknesses, however they have been fixed in later versions of Android but still do remain in the older versions.
The report suggests that federal, state, and local authorities need to make sure that the OS on their mobile device is “patched and up-to-date.” It then goes on to outline the current security threats for Android users including SMS Trojans (that send premium rate SMS messages), root-kits and fake apps.
While all this is true and better upgrades from carriers and handset manufacturers is something we at Android Authority have long called for, the idea that government agencies are somehow using devices for which upgrades are available but haven’t been installed is frankly laughable. Telling the various Police, Fire and EMS departments to make sure that their devices are patched and up-to-date shows a complete lack of understanding about the availability of such patches and updates.
To further discredit the report the authors suggest that Android’s popularity among malware writers is due not only to its market share but also to its “open source architecture.” I will resist being too scathing but the open source nature of any software including Linux (which the NSA uses) has never been seen as detrimental to system security.
On the plus side the report does call for the use of security software including those which can scan for root-kits. It also points out that apps should only be installed from Google Play over reliable networks which are unlikely to have been spoofed by malware writers.
The sad thing is that such a paper could have called for government agencies to start using suppliers which have a good history of providing updates and patches. It could have named and shamed some suppliers who don’t provide long term support for their devices and it could have recommended the use of Google’s Nexus range of products or the Google Play Edition line-up, all of which receive prompt updates.
Like this post? Share it!
What an expert(s)…
Haha this, and they use windows computers
Oh the irony. lol
Actually windows is much more secure than most other operating systems. If you think about it, windows has over 90% of the market share and is doing considerably well at defending against viruses and has implemented plenty of security features that prevent malware attacks. If apple were in the same position of over 90% of the market share you would not see them doing as well. Apple’s security is more of a don’t ask, don’t tell type of security. There are a lot of loopholes in their system that just aren’t publicized
The fact is most government PCs are still running windows xp lol
@nathanborup:disqus Hmmm… I am not sure about that… Only last month Microsoft had to patch a bug in a kernel driver that was being actively exploited by malware authors including on Windows 8 and Windows 8 RT. See here: http://www.livehacking.com/2013/07/10/microsoft-patches-windows-kernel-mode-driver-vulnerability-which-is-being-exploited-in-the-wild/
Also when you see how many critical security patches MS releases every month it shows just how insecure Windows is… but on the plus side MS does release the patches!
That is the misconception about windows… the fact that windows DOES release these critical patches is what I am talking about. Apple knows of loopholes it has, but instead of patching them, they make sure to keep them out of sight and mind. The only time that apple pushes a security update is when it has already proved to be a major problem. Besides, Windows has much more pressure on security taking into account that is has over 90% of the market share… hackers are more likely to hack the majority over the minority. I am not saying windows doesn’t have bugs, i am saying that windows is more secure
If the government is run like every other entity with ungodly amounts of PC’s then the only ones with 8 are the executives and those with personal connections to get new equipment. Chances are the 99% of workers are stuck with PCs from 10~20 years ago.
Anytime I heard comparisons of security with windows I’m reminded of the simple .bat file. No antimalware, no antivirus, nothing can stop a simple command line script from taking down or compromising a system.
Link to the report?
I found this
The link for the report can be found in the grey box at the end of the article (to the left of my mugshot). It is listed as the source for the article.
I hope that helps, Gary.
Got the reply on Gplus and checked it out.
Interesting (read as scary) read. Not sure I’ll trust the FBI on this though.
They make some moronic assumptions that I’m certain are just them repeating what Microsoft sales people have told them to con them into shelling out contracts.
Or maybe they have a hard time making working spy programs on that platform.
Thus the criticism of open source ;)
Buy a Nexus! I mean yeah other Android phones are flashier and whatnot but if you care about this stuff you want to make sure you have the latest version of Android as fast as possible and you can only do that if you buy a Nexus. This is the main reason why I got one and honestly I’m very happy with it.
FBI worried about NSA ?
the fact that newer Android have higher hardware requirement didn’t help much.
less capable hardware will always stick with older android version.