Security News > 2022 > November > U.S. govt employees exposed to mobile attacks from outdated Android, iOS
According to a new report, almost half of Android-based mobile phones used by U.S. state and local government employees are running outdated versions of the operating system, exposing them to hundreds of vulnerabilities that can be leveraged for attacks.
The report additionally warns of a rise in all threat metrics, including attempted phishing attacks against government employees, reliance on unmanaged mobile devices, and liability points in mission-critical networks.
Outdated mobile OS
Outdated versions of mobile operating systems allow attackers to exploit vulnerabilities that can be used to breach targets, run code on the device, plant spyware, steal credentials, and more.
The situation is much worse for Android, as ten months after the release of version 12, approximately 30% of federal devices and almost 50% of state and local government devices still needed to upgrade to the latest versions, thus remaining vulnerable to bugs that can be exploited in attacks.
Notably, 10.7% of federal government devices and another 17.7% of state and local government devices were running Android 8 and 9, which reached the end of support in November 2021 and March 2022, respectively.
While commodity malware usually infects Android mobile devices using fake apps, advanced spyware developers are known to use zero-day vulnerabilities in targeted attacks against journalists, politicians, and activists.