More than 200,000 computers in over 150 countries across the globe have been affected by the WannaCry ransomware attack. But up to now, the attack, which is considered to be one of the deadliest to have ever hit the World Wide Web, has yet to be felt on other devices other than Windows OS-based computers.
So far, the main loophole that WannaCry is taking advantage of has been determined to be Windows PCs that are installed with outdated software. Most institutions are still using Windows XP and as a matter of fact, Microsoft stopped sending security updates to this OS over three years ago. This means these devices have remained without security patches for possible bugs and holes the whole time, leaving them ‘open’ for hackers to exploit. Does this “outdated software” saga sound any familiar to you?
If it doesn’t, well, let me remind you – Android! Android runs on more than 2 billion devices across the globe. Interestingly, only 7.1% of this figure has the latest Android Nougat installed, either out of the box or via an OTA update. Of this same figure, about one third still runs on the outdated Android 4.4 KitKat or maybe older – operating systems that first saw the light back in September 2013 and beyond. That’s a whole three and half years ago – or even more for those still on Jelly Bean, Ice Cream Sandwich or even Gingerbread, among others (check your version in Settings>About phone>Android version). If anything, this is the true definition of what using outdated software really is!
According to security experts, the longer an Android OS version stays in use, the higher its chances of being attacked grow since it becomes weaker and weaker with age (it should be obvious unless you grow stronger as you become older). This is the same story when it comes to Windows PCs, but as it appears, Android users have nothing to worry about (really).
Apparently, there are a number of things that separate how Android and Windows systems work – features that are actually responsible for keeping Android users safe from WannaCry and other such-like attacks. Don’t be too excited, though, as this doesn’t mean that you’ll not be affected by things like closed-off ransomware attacks. For now, at least, you can rejoice in the fact that WannaCry is only limited to Windows PCs.
So, what makes Android users WannaCry-proof?
As pointed out, outdated software is the main problem here, but whose fault is it, really? In March, Microsoft released a Windows OS security update that was apparently meant to prevent the WannaCry attack, but looking at what happened to thousands of Windows PC across the globe, it appears that not so many people had installed this update. Why? Because most of them are still using an outdated version of Windows OS.
This security update was not released to all Windows PC users, instead, it targeted the operating systems that are still being covered by Microsoft, which exclude Windows XP. Yes, it’s true that thousands of PCs in institutions across the globe are still using XP and this is exactly why the attack has been spreading faster than wildfire. Since the OS is unsecured, the WannaCry malware makes a meal of it and since institutions have a shared network, spreading the malware to other PCs happens fast.
As far as Android users are concerned, there’s a different way of doing things. In 2015, the search engine giant introduced what it calls the monthly security updates program. Last year, for instance, Google says that its monthly security updates’ program covered more than 735 million Android devices, including those running the older Android 4.4 KitKat. This means that devices such as Google Nexus 5, Samsung Galaxy S3 or even the Galaxy Note 3 are still receiving the latest Android security updates that protect them from attacks. Other companies such as Samsung and BlackBerry add their own security updates to what Google has uncovered, keeping their Android devices always protected.
As newer versions of operating systems come in, Google starts slowing down on the rate at which it sends out security updates to the older versions. For instance, those using the older Android KitKat cannot be guaranteed of monthly updates, but those using Android Marshmallow or Nougat are sure these updates will be there. With about 10% of Android devices still using older software that is no longer covered by Google’s monthly security updates program, it means there’s still a huge chunk of people out there that are not protected.
Another thing worth noting is that while Google preps these monthly security updates, it’s not their role to make the same updates available to all Android devices. The search engine giant only takes care of its own Pixel and Nexus family and leaves the rest to individual smartphone makers and carriers to take care of their models. As noted earlier, some companies such as Samsung, BlackBerry, LG, HTC, and Motorola have committed to rolling out these updates on a monthly basis, but there are others who no longer see the need to update their devices due to the costs involved. In short, they don’t value you as their customer!
No shared networks on Android devices
Android devices are the most used when it comes to web browsing. These phones access the internet via their wireless network’s data independent of each other and are not like PCs that share the same network in an office or institution. In case one of your friends has the WannaCry malware attack on their Android phone, this will remain only on the infected phone. Still, you might want to avoid receiving files from this infected device for they could easily pass on the infection to the clean phone.
Android users are not targets
With 10% of Android devices using outdated software, it means there are about 200 million users that are vulnerable to attacks, basically, due to a lack of monthly security updates. However, there’s still less to worry about in the Android camp.
Usually, an attack like WannaCry is mainly executed for monetary reasons. The persons behind it have already collected more than $80,000 worth of Bitcoin – money they think can be easily released by large institutions that usually have lots of money as well as huge chunks of data that they need to access all the time. I am talking banks, hospitals, businesses and so on.
With this in mind, the hackers will rarely target a single Android user who is probably some teenager and hope that they’ll get $300 out of this person. Besides, these phones have cloud backups where data is auto-saved, something that has meant Android users can do a factory reset at any point in time without losing their core data, which is, ideally, photos and contacts.
As for large institutions, these computer systems have crucial data and if lost or even denied access for some hours, they could lose much more than the $300 being demanded by the hackers. In short, hackers behind ransomware attacks such as WannaCry will want to target where they’re likely to get huge sums of money – and individual Android devices are not on their list, but they can’t be ruled out completely.