The Importance of Smart Phone updates

2nd September 2016 | All

The importance of regularly updating your devices and maintaining regular patch management is imperative when combatting cyber crime, eliminating potential attack platforms. This gathers further importance in modern times with smart phone users as new – previously undiscovered – vulnerabilities are appearing day by day, with up to 89% of all smartphones being potentially at risk of compromise with a simple text message.

This month it has emerged that NSO Group, a digital arms dealing group selling software used for stealthily tracking activities on mobile devices, have been sitting on top of three major security vulnerabilities in the Apple iOS software. It has been discovered that exploitation of these vulnerabilities unlocks a trove of sensitive information that most would be horrified to see fall into the wrong hands.

Thorough investigation carried out by researchers John Scott Railton and Bill Marczak revealed that the NSO Group’s spyware product Pegasus may be the facilitator of exploits against these discovered weaknesses in the iOS software. Be sure to update your iPhone and iPads as, when exploited, attackers will: have access to mobile tracking – allowing for the triangulation of your current location; read SMS messages; record sound; and log user input allowing for credential theft. This has led to Apple pushing their latest iOS 9.3.5 patch to the community.

Apple users, fear not, you are not alone. All smartphone users should be meticulous when implementing security updates and patches. Zero days are rife in the smart phone community, with new vulnerabilities being discovered at a rapid rate.  Examples, such as the ‘Metaphor’ exploit, aim to achieve the same results as those of the three vulnerabilities discovered in the iOS software, allowing an attacker to track the targeted mobile device, collect passwords through key logging, and remotely take control of a device.

Ensuring your device remains up to date

The worrying fact is there are countless mobile devices out there lying unpatched, unloved, and under threat. Many users simply do not see the importance in keeping their device up to date due to the factor of inconvenience. Updating your mobile device could not be simpler and I encourage all who read this to take action.

If your device is not set to auto-update, perform the following relevant actions:

To update an iPhone or iPad:

  1. Select Settings > ‘General’
  2. Select ‘Software Update’ at which point your device will search for the latest updates
  3. If an update is available, select ‘Confirm’, and allow the update to run

To update an Android smartphone:

  1. Go to Settings
  2. Select ‘About Device’
  3. Select ‘Software Update’ > and select ‘Check for an Update’

To update a Windows smartphone:

  1. You will be notified when a new update has been rolled out for your Windows Smartphone
  2. Connect your device to your PC and launch the Zune software
  3. Select ‘Update Now’

SOURCES:

http://www.nytimes.com/2016/08/26/technology/apple-software-vulnerability-ios-patch.html?_r=0

http://www.cnet.com/uk/news/researcher-finds-mother-of-all-android-vulnerabilities/

 

Author: Jack Stepek, Cyber Security Consultant, Unipart Cyber Security

Jack Stepek is currently in his first technical role carrying out security consultancy for UCS, providing Web and Infrastructure Penetration Testing, Cyber Security Training,  Incident Response and Zero Day Detect.