
FTC & FCC Team Up to Scrutinize Security Updates of Mobile Devices

Agencies want to better understand practices regarding patching vulnerabilities

The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) are joining forces to scrutinize how security updates ultimately make their way to mobile devices in the U.S.

The two government agencies teamed up to submit official inquiries into the practices of top tech firms in the U.S. — specifically about how security updates are released to smartphones and other mobile devices.

FTC’s inquiry

The inquiry from the FTC (https://www.ftc.gov/news-events/press-releases/2016/05/ftc-study-mobile-device-industrys-security-update-practices) officially seeks input from eight mobile device manufacturers — Apple, BlackBerry, Google, HTC America, LG Electronics, Microsoft, Motorola Mobility, and Samsung. The FTC issued orders to the eight tech firms, requiring each to provide the Commission with details regarding security updates that get released to address vulnerabilities in mobile devices like smartphones and tablets.

FCC’s inquiry

According to the FCC (http://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0509/DOC-339256A1.pdf), Wireless Telecommunications Bureau Chief Jon Wilkins sent official letters to mobile carriers asking for detailed information about releasing security updates for mobile devices.

Two inquiries, one joint effort

While both agencies want to review the entire process that tech companies use to review and then release security updates to mobile users, the timing of security updates is of particular concern to both the FTC and FCC: why are there often delays in getting security updates and patches out to users of various mobile devices?

According to the FCC statement (http://transition.fcc.gov/Daily_Releases/Daily_Business/2016/db0509/DOC-339256A1.pdf): “Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices—and that older devices may never be patched.”

Along with the timing concerns, the two agencies also wish to gain a better understanding of collective policies regarding how companies choose which vulnerabilities to patch, and how they prioritize different issues that arise across different devices.
