More than 70 percent of mobile devices on five major U.S. carriers are susceptible to being breached due to unpatched devices being on their network, according to a recent study.
The study analyzed millions of data points taken from global sensors between Jan. 1, 2016 and Dec. 31, 2016, according to Skycure's Q4 Mobile Threat Intelligence Report.
The report looked at devices on AT&T, MetroPCS, Sprint, T-Mobile, and Verizon and found that 71 percent of mobile devices are running on security patches that are at least 2 months old and that six percent of devices are running on patches that are six or more months old.
Researchers said that among all the carriers looked at in the study, more than one-third of devices had patches more than three months old. Since Google releases Android security patches every month, the Android devices in that group were at least three patches behind.
The report said there are two primary factors that allow attackers to be successful when exploiting unpatched devices: user behavior and device vulnerabilities.
A lack of education on the importance of patching devices is another contributing factor, while carriers being slow to release the patches also factors into the equation, Skycure Vice President Varun Kohli told SC Media.
“First, we need better education to fix this problem,” Kohli said. “Second, carriers and manufacturers need to work with both external and internal security researchers to find vulnerabilities, fix them with patches and distribute them in a timely manner.”
He added that it's easier to close the vulnerability gap window for Apple products since it's a single vendor controlling everything, but with Android devices there are more variables to account for, which slow patch delivery.
Kohli said it was shocking to see the large percentage of unpatched devices that were more than two months old, which may have been exposed to vulnerability exploits that hackers knew about but users had no defense against.
“It's a one-sided war—hackers have the upper hand because they know all your device's vulnerabilities and you are unarmed,” Kohli said.