The FCC has sent out official letters to AT&T, Sprint, T-Mobile,Verizon, US Cellular and Tracfone asking the wireless carriers how security patches are done. Meanwhile, the FTC has also sent official letters to Apple, Google, Samsung and five other device manufacturers with the same interest in security patches. According to CNET, US regulators are after an explanation of how vulnerabilities and security patches are handled within each company and why they sometimes take awhile to release. The FCC said this was “to better understand, and ultimately to improve, the security of mobile devices.”
WASHINGTON, May 9, 2016 – The Federal Communications Commission today joined the Federal Trade Commission to better understand, and ultimately to improve, the security of mobile devices. Wireless Telecommunications Bureau Chief Jon Wilkins sent a letter to mobile carriers asking questions about their processes for reviewing and releasing security updates for mobile devices. At the same time, the FTC has ordered eight mobile device manufacturers to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use. There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including “Stagefright” in the Android operating system, which may affect almost 1 billion Android devices globally.
Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.
The Commission will continue its longstanding partnership and work cooperatively with the FTC on this issue. Responses to the letters will inform discussions with industry about possible solutions and be shared with the FTC.
Over the years mobile devices have become more popular not only for leisure use but for business use and have often become primary devices for many. If the FCC and FTC are trying to work with companies to improve the release of security patches, then that can only be a good thing.
What do you think of this story? Let us know in the comments below or on Twitter, Facebook and Google+.