The U.S. Federal Trade Commission and the Federal Communications Commission on Monday announced a joint investigation into the issue of mobile device security updates. The FTC issued an order requiring eight mobile device manufacturers -- Apple, BlackBerry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility and Samsung Electronics America -- to provide information about how they issue security updates to address mobile device vulnerabilities. The information they must provide includes the following: • What factors they consider when deciding whether to patch a vulnerability; • Detailed data on the mobile devices they've offered for sale since August 2013; • The vulnerabilities that have affected those devices; and •
Whether and when they patched the vulnerabilities. FTC members voted unanimously to issue the order under Section 6(b) of the FTC Act. It's part of the commission's ongoing efforts to understand the security of consumers' mobile devices, which included a workshop in 2013 and a follow-up public comment period in 2014. Carrier Focus On Monday, Jon Wilkins, the FCC's Wireless Telecommunications Bureau chief, wrote to wireless carriers asking about their processes for releasing security updates. His letter is divided into four sections: general questions, questions about the development and release of security updates, consumer-specific questions, and questions specific to the Stagefright Android bug. The letter was sent to AT&T, Verizon, T-Mobile, U.S. Cellular, Sprint and TracFone, FCC spokesperson Neil Grace said. "The letters were sent yesterday, so I can't confirm that we've received responses," he told TechNewsWorld. Reason for Concern America's shift to mobile devices has been speeding up. Meanwhile, vulnerabilities associated with mobile operating systems, including Stagefright -- which may affect almost 1 billion Android devices worldwide -- are increasing, the FCC said. NorthBit earlier this year detailed a new version of Stagefright, named "Metaphor," which affects 30 percent of all Android devices. Delays in patching vulnerabilities could leave consumers unprotected for long periods, the FCC asserted. OS providers, original equipment manufacturers and mobile service providers have addressed vulnerabilities as they arise, but there are significant delays in delivering patches to devices, and older devices might never get patched.
0 comments: