Dear Visitor,

Our system has found that you are using an ad-blocking browser add-on.

We just wanted to let you know that our site content is, of course, available to you absolutely free of charge.

Our ads are the only way we have to be able to bring you the latest high-quality content, which is written by professional journalists, with the help of editors, graphic designers, and our site production and I.T. staff, as well as many other talented people who work around the clock for this site.

So, we ask you to add this site to your Ad Blocker’s "white list" or to simply disable your Ad Blocker while visiting this site.

Continue on this site freely
You are here: Home / Customer Data / Feds Want Mobile Security Patch Info
FCC, FTC Question How Companies Roll Out Mobile Security Patches
FCC, FTC Question How Companies Roll Out Mobile Security Patches
By Shirley Siluk / CRM Daily Like this on Facebook Tweet this Link thison Linkedin Link this on Google Plus
Separate investigations by the Federal Communications Commission (FCC) and the Federal Trade Commission (FTC) have been launched into how smartphone makers and wireless service providers handle device security updates for their customers.

Following a resolution adopted by FTC commissioners Friday, the agency is ordering eight mobile device companies to submit information about how and when they decide to issue security patches for vulnerabilities. The companies that must submit responses to those orders within 45 days are Apple, BlackBerry, Google, HTC America, LG Electronics USA, Microsoft, Motorola Mobility and Samsung Electronics America.

Six wireless carriers also have 45 days to respond to FCC questions about their security update policies and procedures for mobile devices. Those companies are AT&T, Sprint, T-Mobile, Tracfone, U.S. Cellular and Verizon.

'Concerned' About Patch Delays

The FCC said its investigation was prompted by the "growing number of vulnerabilities associated with mobile operating systems," including the "Stagefright" bug that could threaten nearly 1 billion Android devices around the world. Identified last year by a researcher at Zimperium zLabs, Stagefright led several companies, including Google, LG and Samsung, to pledge to issue monthly security updates for their mobile devices.

"[W]e appreciate efforts made by operating system providers, original equipment manufacturers, and mobile service providers to respond quickly to address vulnerabilities as they arise," Jon Wilkins, chief of the FCC's Wireless Telecommunications Bureau, wrote yesterday in the agency's letter to wireless carriers. "We are concerned, however, that there are significant delays in delivering patches to actual devices -- and that older devices may never be patched."

In a statement released after the announcements by the FCC and FTC, the CTIA wireless industry trade organization said carriers and partners work together to make customer security a top priority.

"As soon as OS providers and OEMs release security updates that are thoroughly tested, carriers deploy and encourage all customers to take advantage of the updates to protect their devices and personal information from cyberthreats," John Marinho, CTIA vice president of technology and cybersecurity, said in the statement.

Android in Particular a Problem

In an e-mail, Christopher Budd, global threat communications manager for Trend Micro, told us that his organization believes there has been a problem for years with security patches and updates not getting to vulnerable mobile devices -- Android devices in particular -- promptly. Android devices account for nearly 62 percent of all mobile devices and tablets in operation, according to the latest statistics from NetMarketShare.

So far this year, Trend Micro researchers have identified 11 Android vulnerabilities, nine of which are considered by Google, which operates Android, to be high or critical security risks, Budd said. Nine of those Android vulnerabilities are also related to the Stagefright bug, he added.

"Unfortunately, while this is a known problem, we haven't seen the carriers or handset makers take steps to address it," Budd said. "Hopefully this action will bring more attention to this problem and help educate people that they need to tell their carriers and handset makers they want the same level of security support as Google Nexus users who get security updates directly from Google."

Image Credit: All phone screenshots via Verizon.

Tell Us What You Think


Like Us on FacebookFollow Us on Twitter

Over the past decade, hospitals have been busy upgrading their systems from paper to electronic health records. Unfortunately, spending so much on EHR may have left insufficient funds for security.
The British government officially blamed Russia for waging the so-called NotPetya cyberattack that infected computers across Ukraine before spreading to systems in the U.S. and beyond.
© Copyright 2018 NewsFactor Network. All rights reserved. Member of Accuserve Ad Network.