FCC, FTC Probe Carriers' Mobile Security Patch Protocols


To help you optimize security as you cope with complexity, InformationWeek is offering you an excl

The FCC and the FTC want to know how mobile carriers, such as Verizon Wireless, T-Mobile, and AT&T, are responding to mobile threats and protecting consumers with security patches.

The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are joining forces to help determine how long it takes mobile device security updates to roll out to consumers.

The partnership between the two agencies, announced May 9, will examine how patches are distributed.

First, the FTC has ordered eight mobile device manufacturers to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

In addition, Jon Wilkins, Chief of the FCC's Wireless Telecommunications Bureau, sent a letter to mobile carriers asking questions about their processes for reviewing and releasing security updates for mobile devices.

In an interview with Bloomberg, Neil Grace, a spokesman for the FCC, confirmed that the carriers are AT&T, Verizon Wireless, T-Mobile, Sprint, U.S. Cellular Corp., and TracFone Wireless.

"Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered," an FCC release stated. "To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices -- and that older devices may never be patched."

Of the growing number of vulnerabilities associated with mobile operating systems, the FCC specifically singled out the Stagefright bug in the Android operating system, which could affect almost 1 billion Android devices worldwide.

Stagefright can be exploited through a malicious audio or video file. The bug is in how Android processes metadata, so the target doesn't need to actually open the audio or video file, but merely preview it.

[Read how the FCC is asking ISP to protect consumer privacy.]

In the letter to carriers, the FCC requests that these companies provide the agency with a detailed response to the matter of mobile security patches within 45 days of the date of the letter. The letter also notes the FTC is separately seeking information from operating system providers and original equipment manufacturers.

"We hope that the efforts of our two agencies will lead to a greater understanding of what is being done today to address mobile device vulnerabilities -- and what can be done to improve mobile device consumer safety and security in the future," the letter states.

The 20-question form, also available to read online, is broken down into four areas, including general questions, development and release of security updates questions, consumer-specific questions, and Stagefright-specific questions.

According to the FTC's request, among the information that carriers must provide under the orders are: the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device, detailed data on the specific mobile devices they have offered for sale to consumers since August 2013, the vulnerabilities that have affected those devices, and whether and when the company patched such vulnerabilities.

The orders issued by the FTC are part of the agency's ongoing efforts to understand the security of consumers' mobile devices, including a workshop in 2013 and a follow-on public comment period in 2014.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    iPhone Shipments Decline As Smartphone Market Cools Worldwide

    There is a renewed focus on risk data aggregation and reporting (RDAR) solutions, as financial ins Chinese vendors like OPPO and vivo show impressive leaps in growth as the overall market for smartphone shipments cools down.Samsung and Apple remained at the top of the smartphone manufacturing pile, even though its year-over-year shipments of the iPhone dropped for the first time.
  • 5300c769af79e

    Bluetooth 5: Five Things For IT To Know

    Until then, here are five things you need to know about Bluetooth 5 and what it can mean for your enterprise.Along wth additional range, Bluetooth 5 is predicted to feature twice the transmission speed of Bluetooth V4.
  • 5300c769af79e

    RIP, Google Cast. Hello, "Chromecast Built-In."

    ” In a way, that seems to be Google saying that Google Cast is still the technology, but for branding purposes, Chromecast is the future.While I’m sure many of us will still consider it casting to and from a TV or speaker, branding-wise, just saying that products have “Chromecast built-in” helps unify the experience.
  • 5300c769af79e

    Report: Foxconn Manager Steals $1.5M Worth of iPhones

    A former manager at Apple manufacturer Foxconn apparently had a lucrative iPhone theft scheme going on for some time, but is now the one about to pay.From 2013 to 2014, the man and his accomplices reportedly stole around 5,700 iPhones and sold them to stores, raking in nearly $2.