Government Asks Wireless Manufacturers & Carriers About Device Security Updates

Image courtesy of Simon Asquith

At the same time as their counterparts at the Justice Department are trying to circumvent smartphone security, the folks at the FCC and the Federal Trade Commission are talking to manufacturers about how to make these devices more secure.

In response to recently exposed cracks in wireless operating systems, like last summer’s Stagefright exploit that exposed hundreds of millions of Android phones to the possibility of being hacked, the FTC has sent requests for information [Sample PDF] to Apple and Google, along with other major wireless manufacturers — HTC, LG, Motorola Mobility, Samsung, Microsoft, and Blackberry — asking them for details on how and when they decide to patch vulnerabilities in their devices.

The orders sent to these companies seeks specific information regarding previous vulnerabilities for the devices and operating systems they make, and how those problems were ultimately resolved.

Because security updates — especially for Android devices — are pushed out not by phone manufacturers or OS developers, but by the wireless carriers, the FCC has written to these service providers, expressing concerns about any delays that might slow the rollout of a security update, and also that older devices may not be getting these patches because the carrier chooses to no longer support them.

There is also the issue of getting end-users to accept the security updates. Every second a device’s user delays that update, is a second their device continues to be vulnerable. The FCC wants to know if the carriers have any data on when customers ultimately get around to updating their phones, and what potential harm might be caused by devices that aren’t updated.

Want more consumer news? Visit our parent organization, Consumer Reports, for the latest on scams, recalls, and other consumer issues.