FCC, FTC Launch Inquiry Into Mobile Device Security

The U.S. Federal Communications Commission and Federal Trade Commission on Monday wrote to Apple Inc, AT&T Inc, Alphabet Inc , Sprint Corp, Verizon Communications Inc and others, enquiring how they release security updates amid mounting concerns over security vulnerabilities, the agencies said.

The FCC said the joint inquiry by the commissions was "to better understand, and ultimately to improve, the security of mobile devices."

The FCC sent letters to six mobile phone carriers on security issues, while the FTC ordered eight mobile device manufacturers to provide information about how they issue security updates to address vulnerabilities in mobile devices.

The FTC said it sent letters to Apple, Blackberry; Alphabet's Google unit, HTC America Inc. LG Electronics USA Inc.; Microsoft Corp; Motorola Mobility LLC and Samsung Electronics America Inc [SMELA.UL].

The FTC said the companies must disclose "the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device" and "detailed data on the specific mobile devices they have offered for sale to consumers since August 2013" and "the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities."

The FCC said it sent letters to mobile carriers including AT&T, Verizon, Sprint and T Mobile, "asking questions about their processes for reviewing and releasing security updates for mobile devices."

The "safety of their communications and other personal information is directly related to the security of the devices they use," the FCC said. "There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device."

Consumers may be left unprotected potentially indefinitely by any delays in patching vulnerabilities, the FCC said.