Mobile security is a major problem for consumers. We give out a lot of information about ourselves online. We know that websites we interact with store a lot of our data, but most of us sign up without bothering much about it.
The US regulators, FCC (Federal Communications Commission and FTC (Federal Trade Commission) have come together to find out how and when the top phone companies apply mobile security updates to customers.
The FCC explained that this investigation is intended at understanding the existing mobile security and making the necessary improvements.
The FCC statement read: “As consumers and businesses turn to mobile broadband to conduct ever more of their daily activities, the safety of their communications and other personal information is directly related to the security of the devices they use.”
Letters seeking answers to several questions have been sent out to Google, BlackBerry, Microsoft, Apple, LG Electronics America, Samsung Electronics America and HTC America.
The companies have been asked when their mobile security patches are released. They have also been asked to give reasons for delays in releasing patches.
The FTC explained that through different investigations, they seek a variety of information. For example, information about mobile security threats and whether older hardware and software are given the same importance as the newer ones.
The FCC said that these investigations are being conducted in view of the growing number of vulnerabilities being found with most major mobile companies. This threatens the consumer’s security.
“Stagefright” Android Mobile Security Threat
They talked about Android OS’s “Stagefright” vulnerability, which if left unattended, can affect almost one billion Android devices globally.
Stagefright caused the security industry to stand up and pay attention. This threat was first reported by Joshua Drake of the Zimperium zLabs, which is a security outfit.
Zimperium said, “We dived into the deepest corners of Android code and discovered what we believe to be the worst Android vulnerabilities discovered to date. These issues in Stagefright code critically expose 95 percent of Android devices, an estimated 950 million devices.”
“Gaining remote code execution privileges merely by having access to the mobile number? Enter Stagefright. The targets for this kind of attack can be anyone from prime ministers, government officials, company executives, security officers to IT managers.”
Delays in Releasing Patches
FCC opined that while mobile service providers address vulnerabilities quickly, there are significant delays in the delivery of patches to newer devices.
It has also been observed that the older devices are not patched, leading to mobile security concerns.
Recently the FTC fined LifeLock, a company that protects people from identity theft. This company has been fined $100 million for failing to keep consumer data secure and for making advertising claims deceptively.
The Regulators said they will make their investigation findings on mobile security public.