Mobile phone carriers chronically fail to issue patches, so many vulnerabilities linger without getting fixed for months or years. Daniel Thomas, Alastair Beresford, and Andrew Rice at the University of Cambridge have developed a scorecard for Android devices dubbed FUM, a number from 0 to 10 that breaks down how often manufacturers and network operators patch their devices.
They presented their research last week at the 2015 ACM CCS Workshop on Security and Privacy in Smartphones and Mobile Devices in Denver, CO.
The researchers' FUM score takes into account the proportion of devices that are free from critical vulnerabilities over time, the proportion of devices that run the latest version of Android shipped by the manufacturer, and the mean number of outstanding vulnerabilities not fixed on devices shipped by a manufacturer. They hope the metric can eventually correlate to the security of Android devices on a more widespread level. The sheer lack of updates Android devices receive on average, just 1.26 updates a year, was part of what spurred them to examine the environment more closely.
The researchers gathered information for their research from 21,713 devices via the Device Analyzer app, which has been on Google Play since 2011.
From Threatpost
Abstracts Copyright © 2015 Information Inc., Bethesda, Maryland, USA