US Govt Employees Exposed To Mobile Attacks From Outdated Android, iOS

According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks. From a report: These statistics come from a report by cybersecurity firm Lookout, based on an analysis of 200 million devices and 175 million applications from 2021 to H2 2022. The report additionally warns of a rise in all threat metrics, including attempted phishing attacks against government employees, reliance on unmanaged mobile devices, and liability points in mission-critical networks. Outdated versions of mobile operating systems allow attackers to exploit vulnerabilities that can be used to breach targets, run code on the device, plant spyware, steal credentials, and more. For example, last week, Apple released iOS 16.1, fixing an actively exploited zero-day memory corruption flaw used by hackers against iPhone users to achieve arbitrary code execution with kernel privileges.

Lookout reports that ten months after iOS 15 had been made available to users, 5% of federal government employees and 30% of state and local government devices were running older versions of the operating system. The situation is much worse for Android, as ten months after the release of version 12, approximately 30% of federal devices and almost 50% of state and local government devices still needed to upgrade to the latest versions, thus remaining vulnerable to bugs that can be exploited in attacks. It should be noted that Android 13 is the latest version of the operating system, but it was released after the first half of 2022, from which this data was collected.