FTC passes an Order to top technology makers to reveal mobile security practices
The Federal Trade Commission (FTC) today started an investigation into the state of mobile security, and it began by sending a letter to eight major mobile companies, inquiring about their current security practices.
The FTC sent a ten-page letter to companies such as Apple, Blackberry, Google, HTC American, LG Electronics USA, Microsoft, Motorola Mobility, and Samsung Electronics America.
The letter informs companies that they must provide a series of answers to questions the FTC is asking about how the companies plan and carry out security operations for their mobile divisions.
In layman’s terms, the FTC is asking what these companies are doing about the mobile OS patching process that’s currently leaving millions of devices exposed to hacking.
While Apple, Google, Microsoft, LG, and Samsung may feel at ease because they already use OTA (over-the-air) update systems to deliver security patches, the other companies are not.
Additionally, the FTC is not only making inquiries about how these updates take place but also on other security-related procedures.
These other procedures include “the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device,” “detailed data on the specific mobile devices they have offered for sale to consumers since August 2013,” “the vulnerabilities that have affected those devices,” and “whether and when the company patched such vulnerabilities.”
The Commission says it’s only trying to understand the current mobile security landscape, from the point of view of mobile manufacturers.
The FTC also said that fellow agency FCC (Federal Communications Commission) is carrying out a parallel inquiry targeting mobile carriers, which many users have accused of being the real source of the security problem, especially in the Android ecosystem where carriers often delay security patches for months at a time.
Source: Network World