Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

FCC, FTC Investigate Mobile Device Patching Practices

The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) have joined forces in an effort to analyze the security update practices of mobile carriers and device manufacturers.

The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) have joined forces in an effort to analyze the security update practices of mobile carriers and device manufacturers.

The FTC announced on Monday that it has ordered Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola and Samsung to provide information on the factors they take into consideration when deciding if a certain vulnerability should be patched.

The eight companies have also been asked to provide information on the specific mobile devices they have been selling to consumers since 2013, which vulnerabilities affected those devices, and if and when those flaws have been patched.

The FCC has sent out letters to mobile carriers, asking them about their practices for reviewing and releasing security updates for mobile device. The FCC has instructed carriers to answer a set of 20 questions, including consumer-specific questions and ones related to the Stagefright vulnerability affecting the Android operating system.

The FCC is displeased with the fact that while service providers and manufacturers have created fixes, there are significant delays in the delivery of the patches to consumers’ devices and in many cases older smartphones and tablets never get the security updates.

Carriers and device manufacturers have been given 45 days to answer the questions sent by the FTC and the FCC.

“The FTC and FCC’s inquiries demonstrate that it’s no longer safe to assume having security on a device-only level is sufficient. With the multitudes of recent cyber attacks and corresponding delay in security patches, we’re seeing a wide window where user’s sensitive data is exposed and vulnerable. Organizations need to look at security on the application and data level, providing a layer of security when data must be stored on a device, but also keeping as much data off the device as possible,” Kia Behnia, CEO of PowWow Mobile, told SecurityWeek.

“These inquiries will place increased pressure on vendors to speed up the deployment of the security updates. This will also force IT departments to revamp their internal policy around BYOD, putting more restrictions on what types of devices their users can bring into the workplace,” Behnia said.

Related: Asus Settles FTC Charges Over Router Security

Related: Oracle Settles FTC Charges Over Java Security Updates

Related: HTC Settles US Charges of Security Flaws on Devices

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Expert Insights

Related Content

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.

Mobile & Wireless

Apple’s iOS 12.5.7 update patches CVE-2022-42856, an actively exploited vulnerability, in old iPhones and iPads.

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Mobile & Wireless

South Dakota Gov. Kristi Noem says her personal cell phone was hacked and linked it to the release of documents by the January 6...

Cybercrime

A digital ad fraud scheme dubbed "VastFlux" spoofed over 1,700 apps and peaked at 12 billion ad requests per day before being shut down.

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Application Security

Software maker Adobe on Tuesday released security patches for 29 documented vulnerabilities across multiple enterprise-facing products and warned that hackers could exploit these bugs...