The Federal Communications Commission (FCC) and the Federal Trade Commission (FCC) jointly wrote to Apple, AT&T, Alphabet, Sprint, Verizon Communications and others, enquiring how they release security updates amid mounting concerns over security vulnerabilities. Wireless Telecommunications Bureau Chief Jon Wilkins sent a letter to mobile carriers asking questions about their processes for reviewing and releasing security updates for mobile devices.
At the same time, the FTC has ordered eight mobile device manufacturers (Apple, Blackberry; Alphabet's Google unit, HTC America; LG Electronics USA; Microsoft; Motorola Mobility LLC and Samsung Electronics America) to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
The FTC said the companies must disclose "the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device" and "detailed data on the specific mobile devices they have offered for sale to consumers since August 2013" and "the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities."
The "safety of their communications and other personal information is directly related to the security of the devices they use," the FCC said. "There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device."
Consumers may be left unprotected potentially indefinitely by any delays in patching vulnerabilities, the FCC said.
To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise.
There are, however, significant delays in delivering patches to actual devices-and that older devices may never be patched.