
The Dirty Dozen of security-vulnerable smartphones

Security firm Bit9 says Samsung Galaxy Mini, HTC Desire, Sony Ericsson Xperia X10, Sanyo Zio, HTC Wildfire are highest security risks

By , Network World
November 21, 2011 06:09 AM ET

Network World - Which smartphones pose the biggest security and privacy risks to consumers and corporations?

Security firm Bit9 has pulled together what it calls its "Dirty Dozen" list, putting the Google Android operating system in the spotlight, with claims that an estimated 56% of Android phones in the marketplace today are running out-of-date and insecure versions of Android.


According to the Bit9 study published today, smartphone manufacturers Samsung, HTC, Motorola and LG often launch new phones with outdated software right out of the box, and they are slow to upgrade these phones to the latest and most secure versions of Android. This heightens the risk of malware vulnerabilities or other types of attack, says Harry Svedlove, Bit9's chief technology officer, who notes that details of the "Dirty Dozen" research and its methodology are posted on the company's website for review.

"The value in this is raising awareness about something no one is talking about," Svedlove says, and that's the way that wireless service carriers and smartphone manufacturers fail to efficiently handle the process of software updates. "The challenge we had in the Android ecosystem is it's unbelievably fragmented," Svedlove says, adding, "From a security perspective, this eco-system is broken."

"All operating systems have vulnerabilities," Svedlove points out, but it's how quickly and effectively software gets fixed that matters. Bit9's analysis of the most vulnerable smartphones is based on criteria that include looking at smartphones with the highest market share that were running out-of-date and insecure software and had the slowest update cycles.

The study pertains to smartphones released by manufacturers this year and last. Bit9 excluded RIM BlackBerry from its study mainly because iOS and Android now appear to comprise almost 80% of new smartphone purchases, plus Bit9 says BlackBerry is the only operating system to offer an Enterprise Server for companies to centrally manage as well as control updates and applications running on users' BlackBerry devices. Windows Mobile was also excluded because its market share is still small, about 5%.

The Bit9 "Dirty Dozen" not-so-smart smartphone list includes:

1. Samsung Galaxy Mini

2. HTC Desire

3. Sony Ericsson Xperia X10

4. Sanyo Zio

5. HTC Wildfire

6. Samsung Epic 4G

7. LG Optimus S

8. Samsung Galaxy S

9. Motorola Droid X

10. LG Optimus One

11. Motorola Droid 2

12. HTC Evo 4G

The Samsung Galaxy Mini, for example, was released in April of this year based on a version of Android that was about 11 months out of date the day it shipped, according to Bit9. "It was Android Version 2.2 and it could have been 2.3.3 or 2.3.4," says Svedlove. Every smartphone in the Bit9 "Dirty Dozen" list is an Android.

"Honorary mention" on this list is given to the Apple iPhone 4 and older iPhone models because until the iPhone 4S, Apple -- both the software designer and hardware manufacturer -- also had a woefully inefficient software update model, Svedlove says.
