Skip to main content

Week 7: Android Security Issues

Less anyone thinks I have it out for Apple and will want to question my fanboy credentials. The recent issues with quality speak more to the branding and previous quality of their products. But when it comes to security issues, Android is significantly worse. There are a number of reasons, most having to deal with user behavior. 
Android is basically an open source operating system, similar to how Windows was in the eighties and nineties. Given the fact most of the manufacturers of the smartphones and the tables which use this system provide some variance of the OS, it limits the effectiveness of security updates Google might be providing. Additionally, users are reluctant to update their software to protect themselves. However, Google is attempting to handle this by working with manufacturers and shrinking the footprint of the Android operating system. The number of vulnerabilities they were seeing is shrinking even as the market share of devices running Android is growing. Lastly, some of the manufacturers are supplementing their devices with additional security such as Samsung's Knox. "Knox creates a container so that only authorized personnel can access content within it. All files and data, such as email, contacts, and browsers are encrypted within the container (Mearian, 2017)." 
The larger issue when dealing with application security is trying to decide if open source better or is a closed network? This isn't a question I can answer or if I should even try to answer but we do know is open source software by its very nature allows people to exploit it in a way they may not be able to do with closed network software.
  
References:


Mearian, L. (2017, August 07). Android vs iOS security: Which is better? Retrieved January 29, 2018, from https://www.computerworld.com/article/3213388/mobile-wireless/android-vs-ios-security-which-is-better.html

Comments

Post a Comment

Popular posts from this blog

Week 6: Spectre and Meltdown Fallout Continues.

By this time, many of you have heard about the Spectre and Meltdown vulnerabilities of which a lot of machines are susceptible. Most of the major parties involved have provided fixes through various patching means. However, there is still significant fallout due to this gap. Intel is now reporting their firmware patch is causing updates on some of the new chips they have produced. "Firmware updates were causing problems with Ivy Bridge, Sandy Bridge, Skylake and Kaby Lake." (Schwartz, 2018) This flaw is causing frequent reboots and instability in those chips. Additionally, Intel is behind in getting their firmware updates to the various vendors. Some of the major brands which are affected by these gaps are still feeling their way around this and trying to ensure they patch appropriately. It is likely we will see higher than normal OS updates for most folks when it comes to their computers, tablets, and smartphones. However, the big concern and part of the reason this g...
Post a Comment
Read more

Week 2 Blog: Apple's Recent Software Security Issues

Recently, my favorite tech company has been in the news for some very significant security gaps in their applications. Apple has long been branded as very secure software. Frequently, people will say they just don't get a virus. However, there was a security gap that impacted the Macs, which were using their latest software - High Sierra. This vulnerability allowed root access to any machine running this software. Various sites such as "The Verge" indicate using root to access these machines allow elevated privileges on the machine. It could be used to change Apple ID emails as well as user passwords. The gap presented a huge dent in Apple's reputation on security. Part of it was the way it was announced- the person who discovered the vulnerability publicly disclosed it on twitter. Interesting enough, Apple has a bug detection program in which they pay for any gaps in their software. Even more recently, a new vulnerability was discovered in Apple's Home Kit...
Post a Comment
Read more

What is leadership anyways?

Security Leadership is what precisely? I ask the question because it is a concept I am wrestling with at this time. What does it mean to be a security leader? Is it merely leading a security department as an information security manager or at the enterprise level as a chief information security officer or chief security officer? Is it influencing an organization's security posture without having an official title? Ultimately, leadership is about people. They said leadership is about getting people to work toward a common goal. The question is, are folks in those roles business leaders who are leading a technical portfolio, or are they technical leaders who enable the business to accomplish their goals? It is likely security leaders are both, and often need to be both. They're technical leaders and business leaders. However, they require different leadership skills to be successful. The additional factor is what is the senior leadership need from their senior security...
Post a Comment
Read more