Android Security Round-Up: WiFi Security at Super Bowl, Mobile Device TCO and Yet Another Mediaserver Flaw

Security

Android SecuredNow that the Broncos have won and Super Bowl 50 is history, it will be interesting to see whether the FBI’s worries about the free WiFi access at the games were borne out. As our story titled The Hidden Cost of Free WiFi at Super Bowl in Android Secured last week pointed out, the agency was apparently quite concerned about criminal hackers and spear phishers trying to compromise the smartphones and tablets of those accessing the free WiFi service at the Super Bowl.

Their worry was based on previous experience where opportunistic cyber criminals attempted to steal data and plant malware on mobile devices belonging to people attending similar major sporting events. There’s no word yet on whether or to what extent threat actors may have done the same at this week’s Super Bowl, but stay tuned for more on this.

Meanwhile in other news, Google released a slew of security patches for Android as part of its regularly scheduled updates for February. (See Latest Android Security Update Includes Patches For Critical Flaws In Mediaserver, Broadcom WiFi Driver.) The patches included fixes for seven critical vulnerabilities, including one in the Android Mediaserver component.

So far, Google has patched over 30 critical vulnerabilities in Mediaserver since last summer when security vendor Zimperium first alerted the world of major problems in the Android component with its disclosure of the Stagefright vulnerability. For anyone who needs reminding, the Stagefright issue is thought to affect 1 billion Android devices, and it’s what got Google started on its monthly patch release regimen in the first place. Something tells me that this won’t be the last critical vulnerability that Google will have to patch in Mediaserver.

mobile-costsSpeaking of reminders, security vendor Wandera served up one last week on the disparity between how much organizations spend on mobile security and how much they spend responding to a breach. The company recently commissioned a survey of 1,000 IT professionals and found that US organizations on average spend about $113 annually on security software and management per smartphone while shelling out between $40,000 and $400,000 responding to a mobile security breach. Read Enterprises Spend Three Times More on Mobile Breaches Than on Mobile Security to learn more, including enterprises’ actual average TCO per mobile device when all costs are factored in.

And while on the subject of surveys, check out Business Users Take More Mobile Security Risks Than Others Users, which reports on a survey by Allot Communications of Israel and security vendor Kaspersky Labs. The survey showed that users take more risks when using their mobile devices for work purposes rather than when they do so for personal reasons. Apparently, the number and variety of apps that people use on a daily basis for business purposes, and the different transactions they engage in when doing so, put them at higher risk than those using a mobile for narrower personal reasons.

About Jaikumar Vijayan

Vijayan is a freelance journalist and technology content writing specialist with 20+ years of award-winning experience in IT trade journalism. He is a former Senior Editor at Computerworld Inc.and is a frequent contributor to Christian Science Monitor Passcode, Computerworld, Dark Reading, eWEEK and other publications. Vijayan is the author of BlackBerry's "The Definitive Guide to Mobile Security: Strategies and Tactics for Business & IT Decisionmakers" e-book on mobile security and an author of security white papers for the SANS Institute.

Join the conversation

Show comments Hide comments
+ -
blog comments powered by Disqus