If you're in possession of a flagship or recent handset, the chances are you're in line to receive timely updates for the foreseeable future. But Android's fragmentation means that older handsets quickly drop off the radar, get forgotten and remain unpatched. The FCC and the FTC both want to know why security patches are slow to hit phones, and the agencies have launched separate, but parallel, investigations.
The FTC has issued orders to a number of handset manufacturers (Apple, Blackberry, Google, HTC, LG, Microsoft, Motorola, and Samsung) seeking details about their security patching processes. Specifically, the agency wants to know what factors influence whether a particular smartphone or tablets receives a particular patch. It is also looking for a breakdown of all handsets released since August 2013, the vulnerabilities each was affected by, and which security problems were fixed.
While the FTC says that "the Federal Communications Commission is conducting a separate, parallel inquiry", the FCC itself says that it has a "partnership with [the] FTC [that]] will examine how patches are distributed". The agency expresses concern about how long patches take to make their way to customers:
Consumers may be left unprotected, for long periods of time or even indefinitely, by any delays in patching vulnerabilities once they are discovered. To date, operating system providers, original equipment manufacturers, and mobile service providers have responded to address vulnerabilities as they arise. There are, however, significant delays in delivering patches to actual devices -- and that older devices may never be patched.The companies sent orders have 45 days to respond, but it's not clear quite how long these investigations could go on for.
Photo credit: Kirill__M / Shutterstock
~ Mark Wilson
0 comments:
Post a Comment