FCC and FTC Want to Figure Out Why Security Updates Take so Long to Get to You


Because security is always of the utmost importance, but maybe even more so today on mobile because we all have a smartphone and use it for everything we do, the FCC wants to figure out why it’s taking carriers and manufacturers such a long time to get you updates, namely security patches. Yesterday, through a press release, the FCC announced that it is partnering with the FTC to open an inquiry into mobile device security updates. The basic idea here is that they want carriers and manufacturers to tell them their process for updating, to see what can be improved. 

The announcement from the FCC name-drops Stagefright as an example, a vulnerability that really had the potential to be a disaster for many people, but has since been patched a number of times by Google. Stagefright was such a big deal during much of last year that companies like Google, Samsung, and LG all promised monthly security patches to try and protect users going forward. Unfortunately, not everyone got on board with the monthly schedule and there could be millions of vulnerable people still to date with older devices that are no longer supported by OEMs or carriers.

The FCC sent letters carriers with questions about the processes for “reviewing and releasing security updates for mobile devices.” They want to know things like, if the carrier faces issues or hurdles in releasing updates, if there are hurdles getting users to install new updates, if carriers know if updates have been installed, and if security vulnerabilities in mobile devices pose threats to their networks. They also want to know all of the parties involved in getting an update ready and pushed out, how this process works differently from one operating system to the next, and when do carriers cut off security patch support for devices.

I can’t help but applaud the FCC for probing carriers over security updates, but will say that many of them have become quite good at getting out the monthly patches that start with Google and then carry on through companies like Samsung, LG and HTC. Thankfully, the FTC says that it is going after eight phone manufacturers (Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola Mobility, and Samsung) to find out similar information. That’s a good thing, because there are certainly a couple that need to get with the program.

All parties have 45 days to respond to the FCC and FTC, so it could be a while before we know anything, including findings, thoughts, and if there are going to be recommendations for improving the entire process.

0 Comment

Leave a Reply

Captcha image


  • 5300c769af79e

    Samsung may name its voice assistant ‘Bixby,’ and debut it on the Galaxy S8

    On Sunday, Samsung announced it would include a new AI assistant with its forthcoming Galaxy S8, and that it would combine conversational language and integration with third-party services to perform tasks, dictate messages, and respond to queries on demand.“The deal showcases Samsung’s commitment to virtual personal assistants,” Injong Rhee, CTO of Samsung’s Mobile Communications business, said in a press release following the acquisition.
  • 5300c769af79e

    Bragi Intros 'The Headphone' Wireless Earbuds, Major Bragi OS Software Update

    The idea behind The Headphone is to provided everyone with an affordable, hassle free wireless earbud experience.Essentially, Bragi is offering The Dash as The Headphone, minus a lot of the added goodies that make The Dash a $200+ product.
  • 5300c769af79e

    Apple WWDC 2016: iOS, Siri Updates Expected

    With the company's iPhone sales and revenue decline, the pressure is on.At the event, we expect to see refreshes to iOS and Siri, and seven other updates.
  • 5300c769af79e

    The Convergence of Security and Compliance eBook

    Download IT security and compliance professionals are under constant pressure to ensure ongoing compliance with industry regulations such as the Payment Card Industry (PCI) Data Security Standard, required for retailers and other merchants, or HIPAA /HITECH, required for healthcare organizations.This eBook defines potential compliance and security gaps, identifies what effect these gaps can have on your organization, and explains how a positive security solution can close these gaps to protect servers and endpoints while ensuring compliance with industry regulations.