FCC, FTC launch inquiry into smartphone security updates

The FCC said the joint inquiry by the commissions was "to better understand, and ultimately to improve, the security of mobile devices".

Smartphone makers such as Apple Inc. and Google and mobile carriers including AT&T Inc. and Verizon Communications Inc. were asked by federal regulators to explain how they review and release security updates.

The Federal Trade Commission (FTC), meanwhile, ordered eight gadget makers "to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices". The FTC has asked for similar information from Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung. "To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise".

The agencies are opening the inquiry about how mobile carriers and manufacturers handle security updates for mobile devices because consumers and businesses are conducting a growing amount of daily activities on mobile devices and new questions have been raised about how the security of mobile communications.

The CTIA wireless industry's trade group issued a statement saying that customer security is a top priority for carriers, and that mobile operators make updates available as soon as they're "thoroughly tested". While Google did put a patch out for several Android vulnerabilities, including Stagefright later in 2015, not every device has had the update and that lack of consistency is apparently what the FCC is anxious about, according to The Verge.

"We're attempting to get an assessment on the state of what carriers do to push out patches for device vulnerabilities, how quickly they do it, and what are some of the barriers and challenges they have", said Neil Grace, a spokesman for the FCC.

KitGuru Says: It is true that some Android device makers are more concerned about security updates than others.

The change came after security researcher Joshua Drake found a vulnerability that could allow attackers to send a special multimedia message to an Android phone and access sensitive content even if the message is unopened.

Source: FCC, FTC launch inquiry into smartphone security updates