Latest Threat Research: Technical Analysis: Killer Ultra Malware Targeting EDR Products in Ransomware Attacks

Get Informed


Outdated Android OS Still Being Used On Government Devices

Android, the most popular mobile operating system (OS) in the world, runs a large number of devices in the U.S. government, but only 0.08% are running the latest version of Android according to a report from mobile security firm Lookout. Lookout looked at over 200 million mobile devices used by U.S. federal and state government employees between January 2019 and December 2020. The report found that the Covid pandemic triggered a major shift to mobile device usage for government employees to access sensitive information, which makes security issues targeting mobile platforms more concerning. According to Lookout’s research, they found that only 0.08% of government users have upgraded to the latest Android version. Their figures are labeled below with known vulnerabilities:


The fact that nearly a quarter of government employees are running Android 8, which has over 636 known vulnerabilities, makes this a serious risk. In contrast to Android Devices, iOS users in the government sector show a high rate of adoption of the latest iOS version, with 67.8% on iOS 14. “Government agencies or departments may choose to delay updates until their proprietary apps have been tested. This delay creates a vulnerability window during which a threat actor could use a mobile device to gain access to the organization’s infrastructure and steal data,” the report states. 

Analyst Notes

To better secure mobile devices, here are several recommendations:
Keep mobile systems up to date. This may mean accelerating the testing of proprietary apps, but it’s a necessary change of priority. Make sure mobile vulnerability and patch management capabilities are part of your operation. Require users to install updates on mobile devices whenever they’re available. Implement an approved device list for BYOD devices.
Train employees to recognize phishing attacks, but don’t stop at desktop attacks—be sure to include recognizing phishing on mobile devices as well.

Source Article: