Information Security: End of Life? End of Support?
Are your device and its operating system (OS) up-to-date?
Well, to stay safe, if you own a smart phone or a tablet, you should check the support policies of the hardware and software vendor. Checking policies will keep you informed of which products and their operating systems will be newly released, still currently supported, or at the end of their support cycle.
Two terms need clarification: OS end-of-life and OS end-of-support. What is the difference you ask? End-of-life is a term used to refer to products supplied to customers. When a product is at end-of-life, it means the vendor will no longer advertise or sell the product to customers. The term also refers to end-of-sale. End-of-support, however, refers to the device service.
When an OS is at end-of-support, there will be a discontinuation of updates for security patches, software applications, etc. End-of-support is an event that increases the security risk associated with the device because unpatched devices lead to easy targets for software vulnerabilities, attacks, threats, malware, viruses, and intrusions.
There are many devices and OS’s on the market today, but we want to focus on three that are most commonly used in the Touro community. The first is the BlackBerry.
The BlackBerry is a commonly used mobile device among businesspeople. We won’t go into detail about BlackBerry’s support policies for each of their OS, Enterprise Servers, Enterprise Services, and Software Applications, but the website lists BlackBerry’s support policies. BlackBerry has ended support for the following OS’s:
- BlackBerry 6 OS ended support in December 2013
- BlackBerry 7 OS ended support in July 2014
- BlackBerry 10 OS versions 10.0, 10.1 and 10.2.0 ended support in December 2014
Ended support means that any devices operating under BlackBerry 6, BlackBerry 7, or BlackBerry 10 versions 10.0, 10.1, and 10.2 are currently vulnerable to security exposures (e.g., maleware, viruses, etc.) and any user that uses these out of date devices are susceptible to security exposures while they continue to use them. It would be wise to upgrade to BlackBerry OS 10.3 or BlackBerry OS 10.4 which are still currently supported with the latest security updates.
Upgrading may sound easy, but we caution that there are obstacles to upgrading: your hardware. Is your hardware getting old? Old hardware may have compatibility issues with currently supported or newly released OSs. The mobile devices for BlackBerry 6 OS and BlackBerry 7 OS are already at end-of-life and are incompatible with the newer BlackBerry 10 OS.
Remember to back up your contact list and important documents, files or folders to an secure digital (SD) card before replacing the device for peace of mind and protection should something go wrong. And, after replacing the device and performing the upgrade, remember to download the latest version of antivirus software. This last piece will prevent maleware from getting on your device and wreaking havoc.
Blackberry is very common among business- people, but what about the everyday consumer? Android devices are commonly used among the general public. Android says (on its website forums) that their OS support lifecycle is 18 months based on its release date. Our research enabled us to determine that the following Android versions are no longer supported and require upgrade:
- Android v 2.2 – 2.2.3 “Froyo” was released on May 20, 2010
- Android v 2.3 – 2.3.7 “Gingerbread” was released on February 9, 2011
- Android v 4.0 – 4.0.4 “Ice Cream Sandwich” was released on December 16, 2011
- Android v 4.1 – 4.1.2 “Jelly Bean” was released on July 9, 2012
- Android v 4.2 – 4.2.2 “Jelly Bean” was released on November 13, 2012
- Android v 4.3 – 4.3.1 “Jelly Bean” was released on July 24, 2013
- Android v 4.4 – 4.4.4 “KitKat” was released on October 31, 2013
If you are running on one of the above versions of Android, it’s time to consider upgrading to Android v 5.0-5.1.1 “Lollipop” or Android v 6.0-6.0.1 “Marshmallow” (just released in October 2015). Users that choose not to upgrade their Android device to Lollipop or Marshmallow may be prone to security exposures such as malware.
Blackberry and Android procedures for upgrading are mature and easily available, but, what if you own an Apple iOS device such as iPhone or iPad? Unlike Blackberry and Android however, Apple does not advertise its support policies to the public; iOS users have to guess when their operating system will be discontinued. By reviewing the Apple website forums, we are able to determine the current iOS Support Lifespans:
- iOS 5 was released on October 2011 and ended its support in early 2014
- iOS 6 was released on September 2012 and ended its support in 2015
- iOS 7 was released on September 2013 and will end its support in 2017
If Apple continues the trend above, it can be assumed that the support policy for iOS security updates will last about 3 to 4 years.
Just recently, Apple has announced that it is time for iOS users to upgrade to the latest version of Apple’s mobile OS - iOS 9.3.1 (released on March 31, 2016). This announcement coincides with a security flaw that had been discovered in February 2016 by researchers. The flaw showed that iOS devices older than the latest version (9.3.1) were susceptible to being “bricked”; meaning that the device would become inoperable if a certain condition existed. I don’t know about you, but that would be a huge problem for many users!
It’s best to visit the products site before attempting an upgrade. The Apple iOS Support Matrix site is located at: http://iossupportmatrix.com/ where you can check for device compatibility. And, always remember to download the latest antivirus software after performing the upgrade.
Remember when Apple had no security flaws!
Regardless of which device you own, security risks can be found on any device with an OS that is no longer supported. OS upgrades for your device are essential to prevent such risks. And patching while the device is still current is equally important! After upgrading the OS, make sure that the security software is up-to-date to minimize the risk associated with the vulnerabilities.
If you have any questions or comments, please submit them to information.security@touro.edu.