There have been reports of possible cyberattacks on several government officials due to outdated versions of operating systems. According to Bleeping Computer, almost half the Android mobile phones used by the US state and local government employees are exposed. The following came from a report by Lookout, a cybersecurity firm.
Statistics
Lookout reported that after releasing iOS 15, 5% of federal government employees and 30% of state and local government employees still have devices running on older versions of their OS. This was even after ten months had passed.
As for Android, 30% of federal government employees, and 50% of state and local government employees, still had not upgraded even ten months after Android 12 of the OS was released.
Although Android 13 is the latest operating system for Android, the data that is shown is from prior to the release. The information indicated below is 10 months after Android 12 was launched, which accounts for officials with outdated operating systems.
-
Android 12
Federal government devices: 67.05%
State and local government devices: 54.51%
Number of vulnerabilities: 423
-
Android 11
Federal government devices: 14.87%
State and local government devices: 15.65%
Number of vulnerabilities: 791
-
Android 10
Federal government devices: 6.58%
State and local government devices: 9.8%
Number of vulnerabilities: 1116
-
Android 9
Federal government devices: 3.98%
State and local government devices: 10.29%
Number of vulnerabilities:714
-
Android 8
Federal government devices: 6.69%
State and local government devices: 7.38%
Number of vulnerabilities: 1332
Android 8 has not been supported since November 2021, and Android 9 in March 2022. That leads to 28.4% of government officials running on operating systems that will no longer be updated, leaving them vulnerable to thousands of attacks.
About 75% of cyberattacks come from malware delivery, while the remaining 25% is credential harvesting. However, there are certain attacks that infect Android devices, more like fake apps. Zero-day vulnerabilities are also used in targeted attacks against people like journalists, politicians, and activists.
Lookout monitored 11 employees, both with managed and unmanaged devices with roughly the same targeting rate. One was targeted by a phishing attack. After encountering infected links, 57% did not make the same mistake. But, 19% managed to click malicious links again, and 24% clicked them more than three times.
Possible Attacks Due to Outdated Devices
-
Data Leaks
Various apps can sometimes collect extensive information from their users. That includes their names, date of birth, credit card and bank account details, location, and more. If the servers from those apps are hacked, then the information you put into them will be exposed.
-
Phishing Attacks
Users can be targeted via emails, text messages, or voice calls. With this, hackers can obtain information like passwords or download malware that can serve as a doorway to private information.
-
Spyware
There are apps that can monitor your activity as well as those you communicate with. It can track a user's phone activity and location.
-
Malicious Apps
There are malicious apps that offer services that seem too good to be true, as mentioned in Reader's Digest. There's a possibility that it might contain a virus, which might steal user data.
Related: Outdated Android Phone? Here's How To Update Android Devices With Software and Security Fixes
