Security Firm Lists 'Dirty Dozen' Unsafe Smartphones

Android phones fill the list of smartphones that are left vulnerable because of infrequent software upgrades, Bit9 researchers report.

A list of 12 smartphones that pose the highest security and privacy risks to consumers and corporations was released today by a maker of security software.

The phones, all Android models, on the "Dirty Dozen list compiled by Bit9 of Waltham, Massachusetts are:

In compiling the list, Bit9 researchers looked at three things: the market share of the smartphone, what out-of-date and insecure software the model had running on it and how long it took for the phone to receive updates.

In gathering information for the study, the researchers were astonished by the state of the Android ecosystem. "What was surprising for us was really the extent of the chaos and the fragmentation that exists in the Android ecosystem itself, and the way that the Android smartphones are distributed and more importantly, the way that security updates are done," Bit9 CTO Harry Sverdlove told PC World.

The researchers found that 56 percent of Android phones in the marketplace today are running out-of-date and insecure versions of the operating system. Buying a new phone doesn't skirt that problem, either. In some cases, the researchers discovered, phones contained software as much as 300 days old out of the box.

"If there are vulnerabilities and you're sitting on a phone that hasn't been updated for six months, that's an eternity for a hacker," Sverdlove declares. "All that time, you're that much more at risk of being infected, of having your personal information stolen, of becoming a victim to some sort of malicious activity."

Vulnerabilities aren't what make the "Dirty Dozen" so dirty, Sverdlove notes. "There are vulnerabilities in all software," he says. "Apple and its iOS has as many vulnerabilities in terms of what's been reported as does Android."

"The challenge isn't so much to create perfect software, but to know the vulnerabilities and, more importantly, to be able to update the software, to be able to respond to them quickly," he adds.

An advantage that Apple has over Android is that it can push updates to its software to all its smartphones simultaneously, he says. With Android, on the other hand, the manufacturers and carriers are responsible for pushing out updates.

"There's too many cooks in the kitchen," he says. "It's like buying a PC from Dell and expecting Dell and Comcast to be responsible for your Windows updates."

Sverdlove argued that all the players in the Android universe have to start thinking of smartphones as computers and not handsets. "There has to be some changes made to the ecosystem itself," he adds. "The manufacturers and carriers have to start relinquishing control of the operating system to the software vendors."

Follow freelance technology writer John P. Mello Jr. and Today@PCWorld on Twitter.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags smartphonesMotorolamobile securityAndroidsonyhtcPhoneslgsamsungconsumer electronicsEricssonSony Ericssonsanyowireless securityBit9

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.
John P. Mello Jr.

John P. Mello Jr.

PC World (US online)
Show Comments

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?