By Paul Thurrot
Regulators from the U.S. Federal Trade Commission (FTC) and Federal Communications Commission (FCC) are working jointly to discover more about how mobile device makers are patching security vulnerabilities. And they’ve reached out to device makers big and small to find out more.
“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” an FCC announcement notes. “There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally.”
The agencies have reached out to major players like Apple, Google, and Samsung as well as a host of other mobile device hardware makers such as Blackberry, HTC, LG Electronics. Microsoft, and Motorola Mobility. And they have asked for information about how the firms issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
More specifically, the FCC and FTC have asked:
- The factors that hardware makers consider in deciding whether to patch a vulnerability on a particular mobile device
- Detailed data on the specific mobile devices they have offered for sale to consumers since August 2013
- The vulnerabilities that have affected those devices Whether and when the company patched such vulnerabilities.
Obviously, Android is the biggest issue here, as Apple routinely updates its software and cites the success its had getting its users to upgrade in a timely manner. Other firms, like Blackberry and Microsoft, are less of a concern given their small and steadily declining user bases. But since consumers tend to hold on to phones for at least a few years, it’s likely that there are many phones out there with unpatched vulnerabilities.
I am curious that the FCC and FTC are not focusing more on wireless carriers, since it is the carriers that block updates from reaching consumers, especially with Android. Both agencies do mention the carriers in passing, with the FTC noting that it is “conducting a separate, parallel inquiry into common carriers’ policies regarding mobile device security updates.” What it finds will no doubt be horrifying, but this probe could lead to some long-overdue changes.
For data source please write the editor