Delayed updates expose millions of android devices to security vulnerabilities. Safety always comes first in technology and manufacturers have to constantly update the products they develop. It may take time for manufacturers to develop Android versions suitable for devices with different hardware. If this time is extended and the release of the patch is delayed, the probability of millions of devices at risk from sophisticated attacks increases.
Google's Project Zero project, which made this issue a critical focus, revealed that when manufacturers offer software updates to mobile phones, they do not pay attention to the issue after the first year of sales or the warranty period of the phones. He discovered that this also made the devices vulnerable to hackers. For example, a patch for ARM Mali GPU drivers was released by ARM in July of this year. But there are still many devices that do not receive patches because manufacturers do not consider it their priority to deliver updates as soon as possible. Interestingly, the trend of not releasing patches as early as possible was also observed in Pixel, Samsung and Xiaomi phones, which were sold all over the world.
Google Project Zero says manufacturers should show an interest in patching devices that are already in use, or security teams could soon face challenges that could put their businesses at risk.
Can Erginkurban, Product and Marketing Manager at ESET, commented: “It is not surprising that the team has Google's own Project Zero, which directly points to the security issues that arise when current updates and patches are not implemented on time, as Project Zero is more focused on finding vulnerabilities in code and hardware. is specialized. Such patch delays are experienced not only on Android phones, but also on all IT products, software or hardware.
For example, our telemetry consistently shows attacks on Microsoft Word and Apache vulnerabilities that are overdue. Such attacks happen because hackers are aware that there are many software vulnerabilities in the world. For some time now, Google has not only been putting pressure on Android device manufacturers, but also providing system updates via Google Play to help minimize the attack surface on other devices outside the Google Pixel line. Maybe it's time for consumers and the companies that use these devices to put a little more pressure on device vendors for a sensible patch strategy for our time.
Be the first to comment