Just 4% of business mobile devices are safe from Meltdown and Spectre

Mobile phone

Just 4% of business mobile devices have been patched against the Meltdown and Spectre chip vulnerabilities that wreaked havoc across the tech industry at the start of the year.

The data is courtesy of security firm Bridgeway, which carried out an analysis of more than 100,000 business mobile devices.

The outfit's report not only discovered that 96% of smartphones are still not patched against the threat, it also claimed 72% of devices are currently exposed to both attacks, despite tech giants Google and Apple deploying software fixes for their respective operating systems last week.

That might have something to do with Bridgeway's other claim that a further 24% of devices are likely to be vulnerable and currently impossible to patch due to their age. For these phones, Bridgeway warned, the only option remaining for an organisation is to replace them with new ones.

"This is because these OS versions and devices will be unsupported by their hardware and OS manufacturers and in these cases, the only option remaining for the organisation will be to replace the devices with new," the security firm explained in a blog post.

"Mobile devices, although equally at risk as traditional PCs and servers, may not have been top of the IT department's priority patch list, but with increasing amounts of sensitive corporate data being stored and accessed from these devices, they should be," added Jason Holloway, managing director of Bridgeway.

"Mobile devices are the new target for hackers, who will be looking to exploit these flaws as quickly as they can. Organisations need to patch their mobile devices now, before they can be targeted."

IT departments should check device manufacturers' websites for the availability of updates, Bridgeway advised, and apply them across their device estates as soon as possible.

Meltdown and Spectre are vulnerabilities that exploit a serious design flaw only found earlier this month - Meltdown was found to be in all Intel chips made in the last 10 years, which Intel is hurriedly patching, while Spectre affects AMD and ARM, among others. Both leave devices vulnerable to hackers.

The bug allows normal user programs, such as database applications and JavaScript in web browsers, to distinguish some of the layout or contents of protected kernel memory areas of the chips, which have been reported to cause performance hits on some machines.

The Meltdown flaw affects all systems running Intel x86 chips and is present across all popular operating systems, including Windows, Linux, and macOS, and have required an operating system (OS) update in order to fix it.

Congress has questioned chip manufacturers about their response to the flaws, calling them "glaring warning signs that we must take cybersecurity more seriously".