Nearly three-quarters of Android devices on the five biggest U.S. carriers are running on security patches that are at least two months old, putting them at greater risk of being hacked.
That finding was made in an analysis released by Skycure, a mobile threat defense vendor.
The report looked at devices on AT&T, MetroPCS, Sprint, T-Mobile, and Verizon and found that 71 percent of mobile devices are running on security patches that are at least two months old and that six percent of devices are running on patches that are six or more months old.
Researchers said that across all the carriers in the study, more than one-third of devices had patches more than three months old. Since Google releases Android security patches every month, these devices were at least three patches behind.
How are these attacks successful?
The report said there are two primary factors that allow attackers to be successful when exploiting unpatched devices: user behavior and device vulnerabilities.
A lack of education on the importance of patching devices is another contributing factor, while carriers being slow to release the patches also factors into the equation, Skycure Vice President Varun Kohli told SC Media.
“First, we need better education to fix this problem,” Kohli said. “Second, carriers and manufacturers need to work with both external and internal security researchers to find vulnerabilities, fix them with patches and distribute them in a timely manner.”
He added that it’s easier to close the vulnerability gap window for Apple products, since a single vendor controls everything, but with Android devices there are more variables to account for, which slow patch delivery.
Kohli said it was shocking to see the large percentage of devices whose patches were more than two months old, which may have been exposed to vulnerability exploits that hackers knew about but users had no defense against.
“It’s a one-sided war—hackers have the upper hand because they know all your device’s vulnerabilities and you are unarmed,” Kohli said.