Samsung sued over 'lackadaisical' Android security updates

Up your game, says Dutch consumer group


Samsung is being sued by a Dutch consumer group for its alleged lackadaisical approach to security updates for its Android phones.

The Dutch Consumers’ Association (DCA) claims that an incredible 82 per cent of Samsung phones do not have the latest version of Android installed.

It blames the Korean giant for failing to prod customers to update their software and notes that regular updates are necessary to "protect consumers from cybercriminals and the loss of their personal data."

The lawsuit follows the collapse of talks between Samsung and DCA aimed at resolving the situation. The DCA sent a letter to the phone manufacturer back in December, and held a number of meetings. But they "did not lead to the desired result," and so it's going to court. It claims Samsung is guilty of unfair trade practices.

The DCA notes that it's not just Samsung that is apparently failing consumers, but that it has chosen to take on the tech goliath because it is by far the largest manufacturer of Android phones in the Netherlands.

"Consumers are given inadequate information about how long they will continue to receive software updates," DCA director Bart Combée said in a statement. "[We are] demanding that Samsung provide its customers with clear and unambiguous information about this. Samsung moreover provides insufficient information about critical security vulnerabilities, such as Stagefright, in its Android phones. Finally, [we are] demanding that Samsung actually provide its smartphones with updates."

Eco, e-slow system

It has long been an issue that even when Google provides a security update, it takes a long while for it to filter down to phones other than Google's own Nexus devices because of the complex ecosystem built around the platform.

Unlike Apple, Microsoft – and Google – Samsung does not prod its customers to update their phones or explain why they need to do so, leaving potentially millions of people open to known security holes.

According to DCA, Samsung is also very slow at releasing updates, presumably because it wishes to check they are compatible with its flavor of Android, or in order to add new features. Samsung customers have also noticed for some time that it updates different phones with different software versions at different times, and typically not with the latest version.

That said, it is only fair to note that Google does tend to put out a lot of Android updates, not all of which are security updates.

In response to the lawsuit, Samsung put out an official statement saying it was working on improving its updates: "We have made a number of commitments in recent months to better inform consumers about the status of security issues, and the measures we are taking to address those issues. Data security is a top priority and we work hard every day to ensure that the devices we sell and the information contained on those devices are safeguarded." ®

