US FCC, FTC launch inquiry into smartphone security updates

The government is trying to see if security updates can land in consumer's phones faster

The U.S. Federal Communications Commission and Federal Trade Commission have opened parallel inquiries into the way smartphone security updates are issued and handled by major mobile carriers and device makers.

The two agencies say they are responding to the growing amount of personal information held in smartphones and a recent rise in the attacks on the security of that information.

The FCC has sent letters to AT&T, Verizon, T-Mobile, Sprint, and U.S. Cellular asking for information on their processes for reviewing and releasing security updates for mobile devices. The FTC has asked for similar information from Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung.

The companies, which control the vast majority of mobile contracts and smartphone handsets sold in the U.S., have 45 days to respond, at which time the two agencies will analyze the responses and share data with each other.

The inquiries haven't risen to the level of a formal investigation or rulemaking, but they could depending on what is discovered.

"We're attempting to get an assessment on the state of what carriers do to push out patches for device vulnerabilities, how quickly they do it, and what are some of the barriers and challenges they have," said Neil Grace, a spokesman for the FCC.

As part of its inquiry, the FTC is asking for information about when device makers learn of vulnerabilities from software and chip vendors and when or if they issue security updates.

Because cellular carriers customize the software on their devices, it's often not possible for operating system vendors like Google to push updates directly to consumers. The updates have to be submitted to carriers and then work through the carrier's own control process before being released.

Part of the motivation for the inquiry was the Stagefright vulnerability that hit hundreds of millions of Android phones last year. Stagefright left phones vulnerable if a user clicked on a specially formatted MMS message.

Google provided a fix but had to wait until cellular carriers pushed the update to customers. On older phones, some consumers might not have received the update at all.

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Google

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Martyn Williams

IDG News Service
Show Comments

Brand Post

Most Popular Reviews

Latest Articles

Resources

PCW Evaluation Team

Tom Pope

Dynabook Portégé X30L-G

Ultimately this laptop has achieved everything I would hope for in a laptop for work, while fitting that into a form factor and weight that is remarkable.

Tom Sellers

MSI P65

This smart laptop was enjoyable to use and great to work on – creating content was super simple.

Lolita Wang

MSI GT76

It really doesn’t get more “gaming laptop” than this.

Jack Jeffries

MSI GS75

As the Maserati or BMW of laptops, it would fit perfectly in the hands of a professional needing firepower under the hood, sophistication and class on the surface, and gaming prowess (sports mode if you will) in between.

Taylor Carr

MSI PS63

The MSI PS63 is an amazing laptop and I would definitely consider buying one in the future.

Christopher Low

Brother RJ-4230B

This small mobile printer is exactly what I need for invoicing and other jobs such as sending fellow tradesman details or step-by-step instructions that I can easily print off from my phone or the Web.

Featured Content

Product Launch Showcase

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?