Asserting that “there have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device,” the FCC announced Monday that it has joined the Federal Trade Commission (FTC) in launching an inquiry that seeks to “better understand, and ultimately, to improve, the security of mobile devices.”
Jon Wilkins, the Chief of the FCC’s Wireless Telecommunications Bureau, told press sources that the agency has sent letters to AT&T, Verizon, Sprint, T-Mobile US and two other wireless carriers requesting information on processes used by the companies to release security updates for mobile devices. Eight mobile device manufacturers, including Apple, LG Electronics, Motorola Mobility and Samsung, received a similar letter from the FTC soliciting data on how security updates are used to address vulnerabilities in smart phones, tablet PCs and other mobile devices. Specifically, the FCC letter asks the carriers to respond as to whether they (1) “face issues or hurdles in releasing security updates for operating systems to consumers,” (2) face “particular issues or hurdles in getting consumers to install updates,” and (3) discontinue security update support for mobile devices. The FTC letter asks about (a) security data on devices offered for sale since August 2013, (b) specific vulnerabilities manufacturers have learned about, and (c) factors device makers consider in deciding whether to patch a security vulnerability.
Recipients have been asked to reply to the FCC or to the FTC within 45 days. Voicing his appreciation for “efforts made by operating systems providers, original equipment manufacturers, and mobile service providers to respond quickly to address vulnerabilities as they arise,” Wilkins said, “we hope that the efforts of our two agencies will lead to a greater understanding of what is being done today . . . and what can be done to improve mobile device consumer safety and security in the future.” Stressing that “carriers deploy and encourage all customers to take advantage of” security updates as soon as they are released; a spokesman for wireless association CTIA proclaimed that “security remains a top priority.”