Motorola has just announced that it will not follow Google’s Android security update cadence.
Instead, the mobile company will only provide security updates to its smartphones when it is convenient for their development team. The reason is: “…because of the amount of testing and approvals that are necessary to deploy them, it’s difficult to do this on a monthly basis for all our devices. It is often most efficient for us to bundle security updates in a scheduled maintenance release (MR) or OS upgrade.”
This means that Motorola’s Android users are more exposed to security vulnerabilities than other mobile users, such as Google Nexus.
Mobile security is a top concern for many businesses. In the recent Cisco 2016 Annual Security Report, mobile security was identified as one of the top security defenses SMB are currently using.
However, the truth of the matter is that up until now, we haven’t heard that much about large-scale security incidents involving mobile devices. In fact, in the latest Data Breach Investigations Report from Verizon, security researchers from Verizon specifically mentioned that they did not even have enough data to support adding mobile attacks to their report.
Ransomware for mobile?
Ransomware may change this. As more cybercriminals consider ransomware as the go-to method for making money in the PC market, targeting the vast amount of mobile device users may be the next natural step toward increasing their revenue stream.
As more and more employees depend on their mobile device for their daily work, taking those devices hostage may be just as effective as taking employees’ PCs hostage.
Every day, new vulnerabilities are detected in mobile devices which may allow attackers to successfully run ransomware code that can breach the sandbox environment implemented by all modern mobile OS.
One example is the Accessibility Clickjacking vulnerability discovered by SkyCure some time ago. This Android OS vulnerability allows an attacker access to resources outside of the sandbox. It’s this type of vulnerability that is exactly what ransomware needs in order to encrypt all the files on the mobile device and effectively take it hostage.
Ransomware has a direct and quantified effect on both the user and the business; therefore, it may tip the scale toward the importance of securing mobile devices. A concerted effort should be made to ensure that the mobile device OS is up-to-date with the latest security patches—effectively blocking any attempt of leveraging known vulnerabilities and unleashing destructive attacks like ransomware.
Keep your systems protected with LANDESK Security Suite and don’t forget to check out our free white paper below.