An inquiry into the mobile device security has been started by the Federal Communications Commission in conjunction with the Federal Trade Commission.
The whole inquiry by the FCC revolves around how phone makers are reviewing and releasing most of the security updates they encounter. The FCC has been asking around and it reportedly sent a letter to the mobile carrier networks, AT&T, Verizon, and Sprint included, on how tech companies go about with that process. As part of its questioning and inquiries, the FTC also asked eight of the mobile device manufacturers to help them with how they go around identifying software vulnerabilities and sending out patches.
The investigation is not the first that the FCC has done on mobile device makers as it tries to understand smartphone security. Back in 2012, the agency actually released some pointers about online security for all consumers. It helped users with tips on how to improve security based on their mobile operating system. The FCC said in a press release that recently there had been a growing number of flaws which were associated with most mobile operating systems which attackers could use to threaten the device’s security and integrity.
One of the bugs mentioned by the FCC is the Stagefright bug. The bug was first discovered back in July last year and enabled hackers to attack Android devices via text message. Because of the preview process in most Android phones, the bug left a billion users vulnerable. Almost a year later after the discovery of the bug and subsequent patches the bug is still being exploited in many and unique ways.
Google released a patch for most flaws on the Android operating system but whether it was for Stagefright also was unclear.
The lack of consistency is the worrying factor for the FTC and FCC, and the investigation is an indication of the concerns that the agencies have with Google and phone makers such as LG and mobile carriers such as AT&T.