Outdated Android and iOS phones could put US government workers at risk of attack

News
By published

Many government workers are using ancient phones, experts warn

Users using smartphones
Både Samsung og Apple har hatt et sterkt kvartal, men salget av mobiltelefoner er likevel synkende. (Image credit: Pixabay)

Many individuals working across US government agencies and organizations are using smartphones with outdated operating systems, putting both them and the organizations they work for at major risk of identity theft, data leaks, and other forms of cybercrime.

A report from cybersecurity experts Lookout analyzing some 200 million devices and 175 million application, between 2021 and H2 2022 found US government workers are rather slow when it comes to mobile phone updates. 

In fact, ten months after iOS 15 was released, 5% of federal government employees, and almost a third (30%) of state and local government devices, were still running older versions of the operating system.

Security risks

But iOS is a closed ecosystem in which Apple builds and pushes updates to all iOS-powered devices - whereas Android is much more decentralized and thus, riskier. 

When Google releases a new update, it first needs to be adopted and tweaked by device manufacturers (for example Samsung, LG, Asus, OnePlus, and even Google itself) before being pushed to their respective endpoints

That makes Android updates significantly slower to roll out compared to iOS. As a matter of fact, ten months after releasing Android 12 (which was the latest version at the time of the analysis), 30% of federal devices, and almost 50% of state and local government devices, were still sporting older versions. 

Read more

> Millions at risk as old operating systems still power 1/10th of Android devices

> Android 11 still isn't on as many phones as Android 10

> These are the best Android antivirus apps so far

Running outdated versions of the operating system is a major cybersecurity risk, because older versions have known vulnerabilities that cybercriminals can easily exploit to bypass mobile antivirus solutions and deliver all kinds of nasty malware

At one point, older versions reach end of life and stop receiving support through security updates. In other words, if a vulnerability is found after end of life, it will stay unpatched, giving threat actors an easy way into the devices.

Google, for example, no longer supports Android 8 and 9, which are still being used by 10.7% of federal government employees, and 17.7% of state and logal government employees. According to BleepingComputer, these two versions have two thousand known vulnerabilities that will never be fixed. 

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.