Mobile Threat Catalogue

Improper OS Update Validation


Threat Category: Mobile Operating System


Threat Description: Improper operating system update validation leaves the device vulnerable to malicious OS updates.

Threat Origin

UAE cellular carrier rolls out spyware as a 3G update 1

Exploit Examples

Not Applicable

CVE Examples

Not Applicable

Possible Countermeasures


Use EMM/MDM solutions in combination with devices that successfully enforce a policy to maintain a minimum OS patch level and block access to enterprise resources to non-compliant devices.

Purchase devices from vendors/carriers who have committed to providing timely updates or who have known track records for prompt updates.

Use EMM/MDM solutions in combination with other tools or device APIs (Android SafetyNet, Samsung Knox hardware-backed remote attestation, or other applicable remote attestation technologies) to detect and block enterprise connectivity from devices that show indications of device compromise.

Prior to authorizing general users to install an upgrade to an untested and potentially malicious software update, evaluate the behavior of the update on test devices to determine if it appears to be free of malicious or vulnerable behaviors.

Use devices that require updates to be signed by the device vendor.


  1. J. Timmer, “UAE cellular carrier rolls out spyware as a 3G ‘update’”, Ars Technica, 23 Jul 2009; [accessed 8/23/2016]