Security Research Labs (SRL) just proved, through a two-year study conducted on more than 1,200 Android phones, that some Android phone makers claiming that their products have fully updated security patches are lying.
In a report published by Techspot.com, SRL researchers Karsten Nohl and Jakob Lell looked into phones from Google, Samsung, HTC, Motorola, ZTE, TCL, and others and discovered a “patch gap” after checking at the source-code level.
Such patch gaps are places in the code which should contain the updates but are found to be missing them in most devices.
Sony and Samsung devices were found to have 0-1 missing updates, while Xiaomi, OnePlus, and Nokia were missing as many as 3 patches. Meanwhile, up to 4 patches were discovered missing in Huawei, HTC, Motorola, and LG devices, and more than 4 patches were missing in ZTE and TCL devices.
Nohl then advised manufacturers: “You should never make it any easier for the attacker by leaving open bugs that in your view don’t constitute a risk by themselves, but may be one of the pieces of someone else’s puzzle. Defense in depth means install all the patches.”