FCC, FTC Probe Carriers' Mobile Security Patch Protocols


To help you optimize security as you cope with complexity, InformationWeek is offering you an excl

The FCC and the FTC want to know how mobile carriers, such as Verizon Wireless, T-Mobile, and AT&T, are responding to mobile threats and protecting consumers with security patches.

The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) are joining forces to help determine how long it takes mobile device security updates to roll out to consumers.

The partnership between the two agencies, announced May 9, will examine how patches are distributed.

First, the FTC has ordered eight mobile device manufacturers to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

In addition, Jon Wilkins, Chief of the FCC's Wireless Telecommunications Bureau, sent a letter to mobile carriers asking questions about their processes for reviewing and releasing security updates for mobile devices.

In an interview with Bloomberg, Neil Grace, a spokesman for the FCC, confirmed that the carriers are AT&T, Verizon Wireless, T-Mobile, Sprint, U.S. Cellular Corp., and TracFone Wireless.

"Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered," an FCC release stated. "To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices -- and that older devices may never be patched."

Of the growing number of vulnerabilities associated with mobile operating systems, the FCC specifically singled out the Stagefright bug in the Android operating system, which could affect almost 1 billion Android devices worldwide.

Stagefright can be exploited through a malicious audio or video file. The bug is in how Android processes metadata, so the target doesn't need to actually open the audio or video file, but merely preview it.

[Read how the FCC is asking ISP to protect consumer privacy.]

In the letter to carriers, the FCC requests that these companies provide the agency with a detailed response to the matter of mobile security patches within 45 days of the date of the letter. The letter also notes the FTC is separately seeking information from operating system providers and original equipment manufacturers.

"We hope that the efforts of our two agencies will lead to a greater understanding of what is being done today to address mobile device vulnerabilities -- and what can be done to improve mobile device consumer safety and security in the future," the letter states.

The 20-question form, also available to read online, is broken down into four areas, including general questions, development and release of security updates questions, consumer-specific questions, and Stagefright-specific questions.

According to the FTC's request, among the information that carriers must provide under the orders are: the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device, detailed data on the specific mobile devices they have offered for sale to consumers since August 2013, the vulnerabilities that have affected those devices, and whether and when the company patched such vulnerabilities.

The orders issued by the FTC are part of the agency's ongoing efforts to understand the security of consumers' mobile devices, including a workshop in 2013 and a follow-on public comment period in 2014.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Moon+ Reader Pro v3.4.7 Apk | .Com

    Better designed book reader with powerful controls & full functions, supports epub, pdf, mobi, chm, cbr, cbz, umd, fb2, txt, html, rar, zip or OPDS formats.• 24 customized operations (screen click, swipe gesture, hardware keys), apply to 15 customized events: search, bookmark, themes, navigation, font size and more.
  • 5300c769af79e

    Nucleus is a Wi-Fi intercom with Alexa inside

    The Nucleus isn’t your grandma’s intercom.The Nucleus is sleek and modern, with sloping edges that hug the drywall surface to which it’s affixed.
  • 5300c769af79e

    Question of the Day: Buy Any New Tech Toys During Black Friday or Cyber Monday?

    There has been no shortage of deals this holiday shopping season, so we wanted to circle back and see if you picked up any new toys while all of the Black Friday and Cyber Monday madness has been taking place.Did you buy your partner a tech goodie?
  • 5300c769af79e

    Getty Images Launches VR Platform

    One of the world's most comprehensive stock photo agencies is dipping its toe into the virtual reality pool.The library, which already houses more than 12,000 360-degree visuals, will add new content every day, including high-resolution gigapixel photos from major events and venues.