The Federal Communications Commission has joined with the Federal Trade Commission to launch an inquiry into mobile device security.
As part of that investigation, the FCC’s Wireless Bureau has contacted wireless carriers asking questions about their processes for reviewing and releasing security updates for mobile devices, while the FTC has “ordered” eight device manufacturers to provide it information on how they issue security updates to address security vulnerabilities in smartphones, tablets and other devices.
Both the FCC and FTC are concerned about broadband privacy and the security of personal information as the world’s business and entertainment is increasingly mobile device-driven. They are worried that any lag in patching vulnerabilities once discovered could leave consumer data unprotected.
While the FCC gives companies credit responding to those vulnerabilities with patches, there are delays in getting them to the devices, with some older devices perhaps never getting the patches.
“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including ‘Stagefright’ in the Android operating system, which may affect almost 1 billion Android devices globally,” the FCC said in launching the joint inquiry.
Wireless carriers suggested they weren’t seeing the same lag in letting customers know about the fixes, beyond the time necessary to test them.
“Customers’ security remains a top priority for wireless companies, and there is a very strong partnership among carriers, OS [operating system] providers and OEMs [original equipment manufacturers],” said John Marinho, VP of technology and cybersecurity for CTIA, which represents mobile carriers. “As soon as OS providers and OEMs release security updates that are thoroughly tested, carriers deploy and encourage all customers to take advantage of the updates to protect their devices and personal information from cyberthreats.”
— Broadcasting & Cable