FCC Releases Tentative Agenda for May Open Meeting
The investigation is said to centre around how some companies review their security updates and then release them via OTA, while also looking in to the lack of consistency amongst device makers, as some receive security updates while others are left vulnerable.
The FCC has joined with the Federal Trade Commission to launch an inquiry into mobile device security.
As part of its inquiry, the FTC is asking for information about when device makers learn of vulnerabilities from software and chip vendors and when or if they issue security updates.
The FTC said the companies must disclose "the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device" and "detailed data on the specific mobile devices they have offered for sale to consumers since August 2013" and "the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities". "As soon as OS providers and OEMs release security updates that are thoroughly tested, carriers deploy and encourage all customers to take advantage of the updates to protect their devices and personal information from cyberthreats". "To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise".
The agency cited Stagefright, a major security flaw that affected nearly every Android device ever shipped.
There were more than 355 million US mobile wireless devices in use in 2014, the FCC said in a December report.
Security-focused updates have a somewhat better track record, but vulnerabilities found for older versions of Android often still are left unpatched. Apple declined to comment.
"We're attempting to get an assessment on the state of what carriers do to push out patches for device vulnerabilities, how quickly they do it, and what are some of the barriers and challenges they have", said Neil Grace, a spokesman for the FCC.
John Marinho, vice president for cybersecurity at CTIA, a wireless trade group, said in a statement that "customers' security remains a top priority for wireless companies, and there is a very strong partnership among carriers".
Source: FCC, FTC launch inquiry into smartphone security updates
No comments:
Post a Comment