Android users who are running older versions of the operating system are prone to various mobile takeover attacks. A recent analysis from mobile security firm Lookout found that 99.2% of Android users in the U.S. government agencies are running on outdated operating systems, exposing their devices to vulnerabilities and cyberattacks. The findings raised severe security concerns since the federal agencies host critical sensitive information.
- Nearly, 99% of U.S. government Android users are exposed to hundreds of vulnerabilities due to out-of-date operating systems.
- App threats surged nearly 20 times across all levels of government as the cybersecurity community recategorized the risks surrounding embedded adware.
- 1 in 15 government employees was exposed to phishing threats. With over two million federal government employees alone.
- Over 70% of phishing attacks against government organizations sought to steal login credentials, which is a 67% increase from 2019.
- Nearly one-quarter of state and local government employees use personal unmanaged devices, outpacing the nearly 9% in the federal government.
Remote Work – An Added Fuel to Rising Threats
With remote working conditions globally, most of the employees in government organizations are using their personal devices to access sensitive government data. These multiple endpoints along with cloud applications are encouraging cybercriminals to discover vulnerable entry points to break into the victims’ devices.
The analysis found that 22.8% of the U.S. government workers still use the Android 8 operating system, which has over 636 known vulnerabilities. And 28.2% of federal, state, and local government employees use the Android 9 operating system, which has over 173 publicly known vulnerabilities.
Risks with a vulnerable operating system
- Attackers can exploit vulnerabilities to actively target and take over a device or surpass its built-in security measures.
- Compliance violations due to data handling practices.
- If an employee is running an old version, they present a risk to the organization that could be easily eliminated with an operating system update.
- Access to the camera and microphone to spy on the user.
- Access to the device’s file system.
- Connections to servers in foreign countries.
How to Maximize Mobile Security
Lookout also made certain recommendations to boost mobile security, these include:
- Keep mobile systems up to date. This may mean accelerating the testing of proprietary apps, but it’s a necessary change of priority.
- Make sure mobile vulnerability and patch management capabilities are part of your operation.
- Require users to install updates on mobile devices whenever they’re available.
- Implement an approved device list for BYOD devices.
- Train employees to recognize phishing attacks, but don’t stop at desktop attacks: Be sure to include recognizing phishing on mobile devices as well.
“Malicious actors have embraced mobile phishing because they can use any one of the hundreds of apps on the average person’s mobile device. Attackers can socially engineer targets on a personal level through social media apps, messaging platforms, games, and even dating apps. An attacker will target particular individuals, including department heads, law enforcement officials, city superintendents, revenue officers, or other government officials to gain privileged access to the data they want to steal,” Lookout said.