Many Second Hand Phones Are Sold with Security Vulnerabilities
Many Second Hand Phones Are Sold with Security Vulnerabilities

A substantial proportion of second hand mobile phones are vulnerable to being hacked due to not being supported by important security updates, an investigation by Which? has found.

The analysis centered around three popular mobile phone retailers: SmartFoneStore, Music Magpie and CeX. The worst affected was CeX, where nearly a third (31%) of phones sold are no longer supported by security updates from manufacturers. For SmartFoneStore, 17% of models sold were unsupported, while for Music Magpie it was 20%.

This is providing cyber-criminals with opportunities to target older vulnerabilities in these devices.

Which? said that it presented the three companies with the findings, and since then SmartFoneStore has issued a warning on unsupported devices so people are aware before they buy them, while Music Magpie has removed all the affected devices from sale. However, it has not yet received a response from CeX.

Which? has advised that customers check the manufacturer’s security updates page to find out this information before purchasing a used phone.

Commenting on the findings, Jake Moore, cybersecurity specialist at ESET, said: “It may sound like a great deal to purchase an older and cheaper device, but unfortunately you can’t put a price on security.

“Older phones notoriously have a use-by-date when they are no longer supported by security patches. These devices will often still work as normal on the surface, but threat actors can use older vulnerabilities under the hood to target their victims with ease, so those at risk must be reminded to check which operating system it currently supports before purchasing.”

For phones operating off an Android operating system, there will typically be two years of operating system updates and three years of security updates. For Apple iPhones, system and security updates are usually packaged together and these will continue for an average of five to six  years.

We’re Onebyte

Onebyte is an IT service provider that specialises in providing strategically aligned, compliance-driven, managed IT services to SMEs in London, Norfolk, Suffolk, Essex and Cambridgeshire.

This different approach to managing information and technology is guaranteed to find and eliminate risk, increase efficiency and empower our client’s businesses to leverage technology which will provide a real return on the investment they make in their IT and help realise their vision.

News Source: https://www.infosecurity-magazine.com/