Virtual Event Today: Cyber AI & Automation Summit - Register/Login Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Mobile & Wireless

FCC, FTC Investigate Mobile Device Patching Practices

The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) have joined forces in an effort to analyze the security update practices of mobile carriers and device manufacturers.

The Federal Trade Commission (FTC) and the Federal Communications Commission (FCC) have joined forces in an effort to analyze the security update practices of mobile carriers and device manufacturers.

The FTC announced on Monday that it has ordered Apple, BlackBerry, Google, HTC, LG, Microsoft, Motorola and Samsung to provide information on the factors they take into consideration when deciding if a certain vulnerability should be patched.

The eight companies have also been asked to provide information on the specific mobile devices they have been selling to consumers since 2013, which vulnerabilities affected those devices, and if and when those flaws have been patched.

The FCC has sent out letters to mobile carriers, asking them about their practices for reviewing and releasing security updates for mobile device. The FCC has instructed carriers to answer a set of 20 questions, including consumer-specific questions and ones related to the Stagefright vulnerability affecting the Android operating system.

The FCC is displeased with the fact that while service providers and manufacturers have created fixes, there are significant delays in the delivery of the patches to consumers’ devices and in many cases older smartphones and tablets never get the security updates.

Carriers and device manufacturers have been given 45 days to answer the questions sent by the FTC and the FCC.

“The FTC and FCC’s inquiries demonstrate that it’s no longer safe to assume having security on a device-only level is sufficient. With the multitudes of recent cyber attacks and corresponding delay in security patches, we’re seeing a wide window where user’s sensitive data is exposed and vulnerable. Organizations need to look at security on the application and data level, providing a layer of security when data must be stored on a device, but also keeping as much data off the device as possible,” Kia Behnia, CEO of PowWow Mobile, told SecurityWeek.

“These inquiries will place increased pressure on vendors to speed up the deployment of the security updates. This will also force IT departments to revamp their internal policy around BYOD, putting more restrictions on what types of devices their users can bring into the workplace,” Behnia said.

Advertisement. Scroll to continue reading.

Related: Asus Settles FTC Charges Over Router Security

Related: Oracle Settles FTC Charges Over Java Security Updates

Related: HTC Settles US Charges of Security Flaws on Devices

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Mobile & Wireless

Infonetics Research has shared excerpts from its Mobile Device Security Client Software market size and forecasts report, which tracks enterprise and consumer security client...

Mobile & Wireless

Apple rolled out iOS 16.3 and macOS Ventura 13.2 to cover serious security vulnerabilities.

Mobile & Wireless

Samsung smartphone users warned about CVE-2023-21492, an ASLR bypass vulnerability exploited in the wild, likely by a spyware vendor.

Mobile & Wireless

Critical security flaws expose Samsung’s Exynos modems to “Internet-to-baseband remote code execution” attacks with no user interaction. Project Zero says an attacker only needs...

Mobile & Wireless

Two vulnerabilities in Samsung’s Galaxy Store that could be exploited to install applications or execute JavaScript code by launching a web page.

Malware & Threats

Apple’s cat-and-mouse struggles with zero-day exploits on its flagship iOS platform is showing no signs of slowing down.

Mobile & Wireless

Asus patched nine WiFi router security defects, including a highly critical 2018 vulnerability that exposes users to code execution attacks.

Mobile & Wireless

Technical details published for an Arm Mali GPU flaw leading to arbitrary kernel code execution and root on Pixel 6.