Nine out of 10 enterprise mobile devices are using out-of-date operating systems, according to a new study, with upgrade issues increasing users' exposure to breaches, Duo Security warns.

The analysis of more than one million actual iOS and Android mobile device users in enterprises revealed that running updates is still hit and miss, while hopelessly weak mobile password security is also an issue in a significant minority of cases, especially with Android users.

Key findings from the Duo Security study:

80 per cent of iPhone users are not running the latest iOS 9.2 release

90 per cent of Android devices have not updated to the latest 5.1 Android operating system

32 per cent of Android users are running version 4.0 or older, leaving them susceptible to known malware such as Stagefright

One in 20 Android devices have no password on their lock screen

Duo Security estimates 20 million enterprise mobile devices are no longer supported by the device manufacturer and therefore cannot be updated to the latest version of software to protect them against new malware.

Although the biggest threat is via out-of-date or unpatchable droids, there’s also a patching issue with iPhones and iPads. Outdated iOS devices are vulnerable to well-known attacks, such as Ins0mnia and Quicksand, Duo warns.

An estimated 95 per cent of data breaches are caused by compromised user credentials, according to the latest data breach report by Verizon. Duo Security argues that keeping mobile devices upgraded tackles a big part of this problem.

More on the study – together with advice on easing mobile patching headaches – can be found in a blog post by Duo Security here. ®

Bugnote

The infamous Stagefright vulnerability allows an attacker to compromise an Android device via an MMS message.