News
FTC and FCC sent letters to eight device manufacturers and a number of U.S. mobile operators.
Apple, Google and major U.S. mobile operators have received requests from U.S. regulators to provide information on how they tackle mobile device security updates, amid concerns that there are delays in patching vulnerabilities that leave consumers at risk of cyber attacks.
In two separate statements, the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) said they had sent orders to eight mobile device manufacturers: Apple; Blackberry; Google; HTC America; LG Electronics USA; Microsoft; Motorola Mobility; and Samsung Electronics America.
Reuters also reported that the FCC sent letters to AT&T, T-Mobile, Verizon, Sprint, U.S. Cellular and TracFone Wireless.
The FCC said it was working with the FTC to seek more understanding on how the companies issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
The regulator expressed concerns that there have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device.
“There are, however, significant delays in delivering patches to actual devices and that older devices may never be patched,” the FCC observed, noting that consumers “may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered.”
It cited issues such as “Stagefright” in the Android operating system, which it said might affect almost 1 billion Android devices globally. This is the collective name for a group of software bugs that allow an attacker to perform arbitrary operations on the victim device through remote code execution and privilege escalation.
The FTC has requested information such as detailed data on the specific mobile devices offered for sale to consumers since August 2013; the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities.
The FCC added that responses to its letters would inform discussions with industry about possible solutions and be shared with the FTC.
