FCC wants to know why mobile security patches take so long
The commission wants details from service providers and device manufacturers.
A number of critical security flaws have hit mobile devices in recent months, prompting device makers and service providers alike to issue timely patches. Sometimes those fixes take a while to reach affected handsets, and the FCC wants to know more about the process. Today, the commission announced that it's looking into how updates are distributed when a security flaw is discovered. As part of the inquiry, the FCC's Telecommunications Bureau head Job Wilkins asked both wireless carriers and eight phone and tablet manufacturers to provide details on how problems that plague consumer devices ultimately get fixed.
In its announcement, the FCC cites the so-called Stagefright vulnerability that affected around a billion Android devices worldwide. Google has released multiple patches to fix the security flaw, and those running a more recent version of the software with the latest updates are covered. However, there are a lot of aging Android devices in the wild running an older version of the OS, not all of which have received the patches needed to protect them against these vulnerabilities. Of course, Apple's mobile gadgets running iOS face their own security issues as well, but due to Stagefright's wide scope, it's understandably garnered particular attention.
When updates are released from device makers, there's sometimes a holdup on the part of the wireless companies. This is why the next version of Android may hit the latest Samsung phone on AT&T before it does on Verizon, for example. For that reason, the FCC seeks details about the process from both sides, especially when it comes to critical security updates. The commission notes that while companies have addressed issues when they're discovered, there have been significant delays in the patches reaching the affected devices. And, perhaps more importantly, there are a number of phones and tablets that aren't receiving these fixes at all.
This isn't the first time government officials have looked into the recent rise in mobile security issues. Last month, Rep. Ted Lieu (D-CA) called for an investigation into the SS7 bug that allowed security researchers to track location and record phone conversations without his knowledge. That particular flaw was first revealed in late 2014.
