In Brief

The Smartphone users are fed up with slow security updates, so two United States federal agencies have launched an official inquiry to know how manufacturers and carriers deal with mobile phone security updates and what they are doing to roll out patches as quickly as possible.

The Smartphone patch update mechanism is broken, and someone has to fix it.

Most smartphone models are not receiving available security patches, and the risk of vulnerabilities, malware infections, and data loss are leaving consumers vulnerable to attacks and putting businesses and corporate networks at risk.

The United States federal regulators want to know how and when mobile phone manufacturers and cell phone carriers release security updates to assure its users' security, amid mounting concerns over security vulnerabilities.

The Federal Communications Commission (FCC) in partnership with the Federal Trade Commission (FTC) have launched its own, parallel inquiry into mobile device security updates.

On Monday, the FTC ordered eight mobile phone manufacturers to answer few questions on how they handle security updates to address vulnerabilities in smartphones, tablets, and other mobile devices.

The mobile phone makers include Apple, Samsung, Google, Microsoft, Blackberry, HTC, Motorola, and LG.

Meanwhile, the FCC sent a letter to six mobile carriers – including AT&T, Sprint, and Verizon – "to better understand the role that they play in ensuring the security of mobile devices."

The FCC is concerned about so much delays in delivering security updates to affected devices and that "older devices may never be patched."

Here's what the FCC wrote in its Press release:
"As our nation's consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, from the most sensitive to the most trivial, the safety and security and their communications and other personal information is directly related to the security of the devices they use."
"There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user's device and all the personal, sensitive data on it."
The FCC asked the cellphone carriers about how they handle the rollouts of vulnerability patches, what hurdles they face in getting security updates to their users, what is the current rollouts process, and how do they notify customers about security flaws.

The FCC also requested Stagefright-specific data to know how the carriers became aware of the security flaw and how many of their customers' devices were affected by it.

Moreover, the agency asked carriers on whether the monthly security updates promised by Google, LG and Samsung are actually happening.

The FTC want mobile phone makers to detail:
  • The factors they consider in deciding whether to patch a flaw on a particular mobile device.
  • The details of the data on the particular mobile devices they have offered for sale to consumers since August 2013.
  • The security vulnerabilities that have affected those mobile devices.
  • Whether and when the company patched such security flaws.
The mobile phone makers and cellphone carriers are asked to respond to the questions within 45 days.

Mobile phone makers and cellphone carriers often aren't very interested in updating older devices, as they don't want to put much work into updating an older device and also want to encourage their customers to buy newer devices.

This leaves older models in an insecure state without any patch forthcoming.

So, this new move by the federal regulators would help the majority of phone users in the world who are running old, out-of-date, and potentially harmful software.

Found this article interesting? Follow us on Twitter and LinkedIn to read more exclusive content we post.