Commentary from the Dow Jones Cybersecurity Newsletter

Last weekend, researchers from security software company Check Point released details of a vulnerability in the Android operating system that affects around 900 million phones and tablets. Qualcomm, which makes the chip responsible for the ‘Quadrooter’ security flaw, was informed in April and a relatively small number of devices have received patches already. The majority will be exposed until at least September and many devices will never be patched.
The Android landscape is fragmented. Hundreds of millions of handsets have outdated operating system versions and lack security patches due to the half-hearted approach of wireless carriers and Original Equipment Manufacturers to upgrading and supporting devices. Contrast the 86% of Apple iOS users on the latest version of the operating systems with only 10% of Android users. Around 55% of all Android devices in use are unsupported by Google.
Business cyber risk owners have been alerted to Quadrooter with good reason: at least half of a typical organization’s user base will use Android devices to access their work email and data. Bring Your Own Device (BYOD) means most organizations no longer own or directly manage those devices, which makes assessing the risk tricky. A widespread attack could seriously threaten the confidentiality of corporate data. Decision-makers must decide whether they are willing to accept the risk of older mobile operating systems having remote network access.
Quadrooter is a useful reminder for mobile security awareness. Most users do not think about mobile security in the same way as they think about laptop and desktop security. They should.

**This article was originally published as part of the Dow Jones Cybersecurity Newsletter, a weekly digest of news with commentary and analysis. Sign up for free at**