Mobile Security Update Probe Launched By US Authorities

Two US federal agencies have announced an official investigation into the security update policies of several of the world’s largest smartphone manufacturers and mobile operators.

The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) each announced they would join forces to “better understand” how the industry issues security updates to address flaws in smartphones, tablets, and other mobile devices.

Security Updates

The FTC said that it has sent a letter to six mobile operators “asking questions about their processes for reviewing and releasing security updates for mobile devices.”

The FCC meanwhile has approached mobile manufacturers, with Apple; Blackberry; Google; HTC America; LG Electronics USA; Microsoft; Motorola Mobility; and Samsung Electronics America all contacted.

All the companies that have been contacted by either body now have to provide a written response within 45 days.

The FCC said it has ordered the above companies to provide information on “the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device.”

Smartphone makers also have to provide “detailed data on the specific mobile devices they have offered for sale to consumers since August 2013; the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities,” it said.

“As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use,” said the FCC.

“There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including “Stagefright” in the Android operating system, which may affect almost 1 billion Android devices globally.”

Patchy Patches?

Google only provided a patch for Stagefright back in August 2015, months after the flaw was first discovered in April 2015 by security firm Zimperium. It found the flaw could allow an attacker to take control of a device by sending a maliciously crafted video message.

Following that, both Google and Samsung pledged last August they would begin issuing monthly security updates for Android.

But whilst a smartphone manufacturer may issue a security update, there is no guarantee a mobile operator will authorise its distribution to its customer base.

For example, last year researchers from the University of Cambridge claimed many Android smartphones were not being supplied with the proper security protection, as manufacturers fail to provide fixes in a timely fashion.

Are you a security pro? Try our quiz!

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago