Outdated Android and iOS phones could put US government workers at risk of attack
Many individuals who work for US government agencies and organizations use smartphones with outdated operating systems, putting both them and the organizations they work for at high risk of identity theft, data breaches and other forms of cybercrime.
A report from cybersecurity experts Lookout, which analyzed some 200 million devices and 175 million applications between 2021 and H2 2022, found that US government employees are quite slow when it comes to mobile phone updates.
Ten months after iOS 15 was released, 5% of federal government employees and nearly a third (30%) of state and local government devices were still running older versions of the operating system.
Security risks
But iOS is a closed ecosystem in which Apple builds and pushes updates to all iOS devices, while Android is much more decentralized and thus riskier.
When Google releases a new update, it must first be adopted and modified by device manufacturers (e.g. Samsung, LG, Asus, OnePlus, and even Google itself) before being pushed to their respective endpoints.
That makes Android updates significantly slower to roll out compared to iOS. Ten months after the release of Android 12 (which was the latest version at the time of the analysis), 30% of federal devices and nearly 50% of state and local government devices still had older versions.
Running outdated versions of the operating system is a major cybersecurity risk, as older versions have known vulnerabilities that cybercriminals can easily exploit to bypass mobile antivirus solutions and deliver all sorts of nasty malware.
At some point, older versions reach the end of their life and will no longer receive support through security updates. In other words, if a vulnerability is found after the end of life, it will remain unpatched, allowing threat actors to easily access the devices.
For example, Google no longer supports Android 8 and 9, which are still used by 10.7% of federal government employees and 17.7% of state and local government employees. According to BleepingComputer, these two versions have 2,000 known vulnerabilities that will never be fixed.
Via: BleepingComputer