US starts inquiry into security of mobile devices

US federal authorities launch an extensive investigation to determine what measures smartphone companies take to keep their users’ data safe against security lapses.

Photo by: Reuters (Archive)
Photo by: Reuters (Archive)

People look at smartphones at the Apple store in Tokyo, Japan on April 19, 2016.

The Federal Communications Commission and Federal Trade Commission have asked mobile phone carriers and manufacturers to explain how they release security updates amid mounting concerns over security vulnerabilities, the US agencies said on Monday.

The agencies have written to Apple Inc, AT&T Inc and Alphabet Inc, among others, in order "to better understand, and ultimately to improve, the security of mobile devices," the FCC said.

The FCC sent letters to six mobile phone carriers on security issues, while the FTC ordered eight mobile device manufacturers including BlackBerry Ltd, Microsoft Corp, LG Electronics USA Inc and Samsung Electronics America Inc [SMELA.UL] to disclose "the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device."

The FTC also seeks "detailed data on the specific mobile devices they have offered for sale to consumers since August 2013" and "the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities."

The agencies are opening the inquiry about how mobile carriers and manufacturers handle security updates for mobile devices because consumers and businesses are conducting a growing amount of daily activities on mobile devices and new questions have been raised about the security of mobile communications.

The "safety of their communications and other personal information is directly related to the security of the devices they use," the FCC said. "There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user’s device."

The FCC said it sent letters to mobile carriers including AT&T, Verizon Communications Inc, Sprint Corp, US Cellular Corp, Tracfone Wireless, which is owned by America Movil SAB, and T-Mobile US, which is owned by Deutsche Telekom, "asking questions about their processes for reviewing and releasing security updates for mobile devices."

The companies must respond to the FCC and FTC questions within 45 days.

There were more than 355 million US mobile wireless devices in use in 2014, the FCC said in a December report. The agency said that number had risen to 382 million by mid-2015, citing company disclosures.

Though the US government has raised concerns on the security of smartphones, at the same time, its agencies continue to demand controversial requests from mobile phone companies or apply even more controversial methods to access information it thinks that it needs. 

The US Justice Department reportedly unlocked the iPhone in March with the help of the contractor after Apple Inc refused to bypass the device's encryption features on grounds it could undermine security for all users.

The FBI paid under $1 million for the technique used to unlock the iPhone used by one of the San Bernardino shooters, a figure smaller than the $1.3 million the agency's chief initially indicated the hack cost, several US government sources said in late April. 

TRTWorld and agencies