The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) announced today that they have begun investigating why it takes mobile devices in the US so long to get security patches, and that’s if those mobile devices even see a security patch at all during its life cycle.
The FCC and FTC are by no means teaming up on this investigation. This will be an entirely separate case for each agency, but a parallel investigation.
As far as specifics go, both agencies will be looking into how OEMs create and rollout important security patches. To start things off, eight companies have been ordered to provide information for the investigation–Google, BlackBerry, HTC, LG, Motorola, Samsung, Microsoft, and Apple.
The FCC specifically notes the problem with the Stagefright issue. It was a big security breach that concerned a good chunk of people. The update rolled out rather quickly for some devices, slower for others, and some that never even saw the patch. Another big concern is older devices, many of which never saw the patch and never will. Here’s the official letter sent to the carriers by the FCC:
“Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. Therefore, we appreciate efforts made by operating system providers, original equipment manufacturers, and mobile service providers to respond quickly to address vulnerabilities as they arise. We are concerned, however, that there are significant delays in delivering patches to actual devices—and that older devices may never be patched.”
It goes without saying, this is a matter to be concerned about. Security breaches aren’t fun, especially when your personal information is at risk. Unfortunately, it looks like the FCC and FTC are only looking for facts right now and won’t be doing anything about the problem for some time. Those who received inquires from the FCC and FTC will have 45 days to respond.
Hopefully the FCC and FTC will be able to find a way to get security patches applied faster and easier, especially in a day and age where security vulnerabilities are everywhere.