US gov’t probes mobile phone industry over the sad state of security updates

May 12, 2016

For years, critics have bemoaned the sad state of security updates available to hundreds of millions of owners of mobile devices running Google’s Android operating system. Now, US federal regulators are investigating whether Google, Apple, and the rest of the players in the mobile industry are doing everything they can to keep their customers safe.

In a joint action, the Federal Communications Commission and the Federal Trade Commission are ordering mobile operating system developers, hardware manufacturers, and carriers to explain their rationale in deciding when to issue updates, or as is so often the case for Android users, why they don’t provide updates. Two of the more glaring examples are a vulnerability dubbed Stagefright disclosed last year and another disclosed in March called Metaphor. Both allow attackers to surreptitiously execute malicious code on Android devices when they view a booby-trapped website.

Read full story…