The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are launching parallel probes into the mobile industry’s security update practices. The agencies want to determine how manufacturers issue security updates for mobile devices, and how carriers review and release the patches.
“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” stated an FCC press release.
“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally.”
In all, the FTC has contacted eight companies – Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola and Samsung – to gain insight into how manufacturers determine if a vulnerability needs to be patched. It has also asked for a list of all devices offered for sale since 2013, with information on any bugs that have impacted them and any fixes that were issued.
The main concern is that delays in developing patches may be leaving devices unprotected. Older devices may never receive the necessary protection.