Is your smartphone secure? Federal regulators want to know

The Federal Trade Commission and Federal Communications Commission have ordered Apple, Google, Microsoft, among others, to explain how they fix security vulnerabilities in devices and operating systems. 

|
Geert Vanden Wijngaert/AP
A woman uses a Google Android smartphone. Google and seven other smartphone manufactures have been ordered to explain to federal regulators how they fix security vulnerabilities in devices and operating systems.

Do smartphone makers and wireless carriers fix security bugs and other vulnerabilities fast enough?  

The Federal Trade Commission (FTC) and Federal Communications Commission (FCC) want the largest smartphone manufacturers, software developers, and wireless carriers in the United States to answer this question.  

The federal regulators both issued statements Monday requiring the 12 companies to explain how they issue updates to address security vulnerabilities, as questions linger about how a security flaw in Google Android's Stagefright multimedia playback engine were resolved.  

"There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device," reads the FCC statement, which references the Stagefright bug.  

The letter praises software developers, manufacturers, and carriers' responses in developing patches, or fixes, to address these vulnerabilities.  

"There are, however, significant delays in delivering patches to actual devices – and that older devices may never be patched," reads the letter.  

The FCC sent letters to the four largest wireless carriers in the US – AT&T, Sprint, T-Mobile, and Verizon Wireless – writing it wants to better understand "their processes for reviewing and releasing security updates for mobile devices." The FTC, meanwhile, ordered eight smart manufacturers and software developers, including Apple, Google, and Microsoft, to complete a report that explains their "policies, procedures, and practices" for developing security updates and delivering them to customers.    

The regulators' concerns are far from unfounded.  More Americans own smartphones than ever before. Sixty-four percent of Americans own a smartphone, according to a 2015 study by the Pew Research Center, with 85 percent of 18 to 29 year olds owning a phone, and 79 percent of 30 to 49 year olds owning one. And many Americans conduct online banking or look up government services or information on their phone, perhaps typing in confidential information in the process, the study found.  

It wouldn't be far-fetched to guess these percentages have increased since the survey was conducted in 2014, as smartphones and applications have become more affordable and user-friendly. It's no wonder regulators want to ensure a scenario like Stagefright doesn't repeat itself.  

The flaw in Google's Android mobile operating system allowed attackers to take control of someone's device just by sending a text message, The Christian Science Monitor reported in July.

An attacker could gain control over Bluetooth, video, audio, and the microphone – enough to turn a phone into a spycam, and on many phones, the attacker could gain complete control of the device. 

Security professionals have long been critical of Google over its Android update practices, wrote Joe Uchill in the Passcode article.  

"When bugs affect Android versions that Google still supports, the company writes a patch, sends it to phone manufacturers, and counts on companies such as Samsung or Motorola to update their customers' phones. But many manufacturers do not treat updates with urgency. If a bug affects a version of Android that Google no longer supports, phone manufacturers can develop patches on their own, but few ever do."  

As these two federal agencies step in, others in Washington have criticized the government having "back doors" in devices that would allow them (and hackers) to break into a device

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

QR Code to Is your smartphone secure? Federal regulators want to know
Read this article in
https://www.csmonitor.com/Technology/2016/0510/Is-your-smartphone-secure-Federal-regulators-want-to-know
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe