Tuesday, May 10, 2016

:: Inquiry into Mobile Device Security Updates

"The Federal Communications Commission today joined the Federal Trade Commission to better understand, and ultimately to improve, the security of mobile devices. Wireless Telecommunications Bureau Chief Jon Wilkins sent a letter to mobile carriers asking questions about their processes for reviewing and releasing security updates for mobile devices. At the same time, the FTC has ordered eight mobile device manufacturers to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use. There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device, including “Stagefright” in the Android operating system, which may affect almost 1 billion Android devices globally.

Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered.  To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise.  There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.

The Commission will continue its longstanding partnership and work cooperatively with the FTC on this issue. Responses to the letters will inform discussions with industry about possible solutions and be shared with the FTC.

FCC WIRELESS TELECOMMUNICATIONS BUREAU LAUNCHES INQUIRY INTO MOBILE DEVISE SECURITY UPDATES.   Partnership with FTC will examine how patches are distributed.  News Release.  WTB  https://apps.fcc.gov/edocs_public/attachmatch/DOC-339256A1.docx

FTC To Study Mobile Device Industry’s Security Update Practices

For Release

In order to gain a better understanding of security in the mobile ecosystem, the Federal Trade Commission has issued orders to eight mobile device manufacturers requiring them to provide the agency with information about how they issue security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.
The eight companies receiving orders from the FTC are: Apple, Inc.; Blackberry Corp.; Google, Inc.; HTC America, Inc.; LG Electronics USA, Inc.; Microsoft Corp.; Motorola Mobility, LLC; and Samsung Electronics America, Inc.
Among the information recipients must provide under the orders are:
  • the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device;
  • detailed data on the specific mobile devices they have offered for sale to consumers since August 2013;
  • the vulnerabilities that have affected those devices; and
  • whether and when the company patched such vulnerabilities.
The orders issued today are part of the FTC’s ongoing efforts to understand the security of consumers mobile devices, including a workshop in 2013 and a follow-on public comment period in 2014.
The Federal Communications Commission is conducting a separate, parallel inquiry into common carriers’ policies regarding mobile device security updates.
The Commission is authorized to issue Orders to File a Special Report by Section 6(b) of the FTC Act.

No comments: