Mobile Security Update Probe Launched By US Authorities

Two US federal agencies have announced an official investigation into the security update policies of several of the world’s largest smartphone manufacturers and mobile operators.

The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) each announced they would join forces to “better understand” how the industry issues security updates to address flaws in smartphones, tablets, and other mobile devices.

Security Updates

The FTC said that it has sent a letter to six mobile operators “asking questions about their processes for reviewing and releasing security updates for mobile devices.”

The FCC meanwhile has approached mobile manufacturers, with Apple; Blackberry; Google; HTC America; LG Electronics USA; Microsoft; Motorola Mobility; and Samsung Electronics America all contacted.

All the companies that have been contacted by either body now have to provide a written response within 45 days.

The FCC said it has ordered the above companies to provide information on “the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device.”

Smartphone makers also have to provide “detailed data on the specific mobile devices they have offered for sale to consumers since August 2013; the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities,” it said.

“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” said the FCC.

“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including “Stagefright” in the Android operating system, which may affect almost 1 billion Android devices globally.”

Patchy Patches?

Google only provided a patch for Stagefright back in August 2015, months after the flaw was first discovered in April 2015 by security firm Zimperium. It found the flaw could allow an attacker to take control of a device by sending a maliciously crafted video message.

Following that, both Google and Samsung pledged last August they would begin issuing monthly security updates for Android.

But whilst a smartphone manufacturer may issue a security update, there is no guarantee a mobile operator will authorise its distribution to its customer base.

For example, last year researchers from the University of Cambridge claimed many Android smartphones were not being supplied with the proper security protection, as manufacturers fail to provide fixes in a timely fashion.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

8 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

11 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

12 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

13 hours ago