Subscribe

Is your smartphone secure? Federal regulators want to know

The Federal Trade Commission and Federal Communications Commission have ordered Apple, Google, Microsoft, among others, to explain how they fix security vulnerabilities in devices and operating systems. 

  • close
    A woman uses a Google Android smartphone. Google and seven other smartphone manufactures have been ordered to explain to federal regulators how they fix security vulnerabilities in devices and operating systems.
    Geert Vanden Wijngaert/AP
    View Caption
  • About video ads
    View Caption
of

Do smartphone makers and wireless carriers fix security bugs and other vulnerabilities fast enough?  

The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) want the largest smartphone manufacturers, software developers, and wireless carriers in the United States to answer this question.  

The federal regulators both issued statements Monday requiring the 12 companies to explain how they issue updates to address security vulnerabilities, as questions linger about how a security flaw in Google Android's Stagefright multimedia playback engine were resolved.  

"There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device," reads the FCC statement, which references the Stagefright bug.  

The letter praises software developers, manufacturers, and carriers' responses in developing patches, or fixes, to address these vulnerabilities.  

"There are, however, significant delays in delivering patches to actual devices – and that older devices may never be patched," reads the letter.  

The FCC sent letters to the four largest wireless carriers in the US – AT&T, Sprint, T-Mobile, and Verizon Wireless – writing it wants to better understand "their processes for reviewing and releasing security updates for mobile devices." The FTC, meanwhile, ordered eight smart manufacturers and software developers, including Apple, Google, and Microsoft, to complete a report that explains their "policies, procedures, and practices" for developing security updates and delivering them to customers.    

The regulators' concerns are far from unfounded.  More Americans own smartphones than ever before. Sixty-four percent of Americans own a smartphone, according to a 2015 study by the Pew Research Center, with 85 percent of 18 to 29 year olds owning a phone, and 79 percent of 30 to 49 year olds owning one. And many Americans conduct online banking or look up government services or information on their phone, perhaps typing in confidential information in the process, the study found.  

It wouldn't be far-fetched to guess these percentages have increased since the survey was conducted in 2014, as smartphones and applications have become more affordable and user-friendly. It's no wonder regulators want to ensure a scenario like Stagefright doesn't repeat itself.  

The flaw in Google's Android mobile operating system allowed attackers to take control of someone's device just by sending a text message, The Christian Science Monitor reported in July.

An attacker could gain control over Bluetooth, video, audio, and the microphone – enough to turn a phone into a spycam, and on many phones, the attacker could gain complete control of the device. 

Security professionals have long been critical of Google over its Android update practices, wrote Joe Uchill in the Passcode article.  

"When bugs affect Android versions that Google still supports, the company writes a patch, sends it to phone manufacturers, and counts on companies such as Samsung or Motorola to update their customers' phones. But many manufacturers do not treat updates with urgency. If a bug affects a version of Android that Google no longer supports, phone manufacturers can develop patches on their own, but few ever do."  

As these two federal agencies step in, others in Washington have criticized the government having "back doors" in devices that would allow them (and hackers) to break into a device

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK