Mobile devices are even more vulnerable to Meltdown and Spectre than PCs

Only four per cent of devices have been patched - and many can't be

As many as a quarter of business mobile devices are not only vulnerable to malicious attacks, but cannot be patched to fix the flaws.

Infosec firm Bridgeway has found that only four per cent of enterprise smartphones and tablets in the UK have been patched against Meltdown and Spectre, the chip vulnerabilities that were disclosed earlier this month.

Up to 72 per cent of devices are still exposed to both types of attack, Bridgeway found in its analysis of more than 100,000 mobile products - despite Google and Apple deploying patches for their respective operating systems last week.

Many devices are running older operating systems - especially Android, where OS fragmentation is high - and Bridgdeway has warned that these might never be patched: ‘This is because these OS versions and devices will be unsupported by their hardware and OS manufacturers and in these cases, the only option remaining for the organisation will be to replace the devices with new.'

"Mobile devices, although equally at risk as traditional PCs and servers, may not have been top of the IT department's priority patch list, but with increasing amounts of sensitive corporate data being stored and accessed from these devices, they should be," said Jason Holloway, managing director of Bridgeway.

"Mobile devices are the new target for hackers, who will be looking to exploit these flaws as quickly as they can. Organisations need to patch their mobile devices now, before they can be targeted."

Spectre and Meltdown are vulnerabilities first reported by Google last June, and made public this month. They use flaws in the way that chips use speculative execution to reveal private information to attackers, and affect hardware from all chip vendors.