FCC FTC Look at Mobile Updates
The Federal Communications Commission (FCC) and Federal Trade Commission (FTC) are looking for details on how companies release their mobile security updates. Per CNET, the FCC sent letters to the four major U.S. carriers. They are AT&T, Sprint, T-Mobile and Verizon. The FTC are looking into the mobile device and software makers, most notably Samsung, Apple and Google.
The FCC targeted one bug in specific called Stagefright, according to The Verge. Stagefright continues to be exploited in unique ways after several patches to fix the holes.
As reported by PC Magazine, the companies were asked to respond to the questions within 45 days. The FTC are asking questions such as, What are the factors considered in deciding whether or not to patch a vulnerability on a particular mobile device? They are also requesting detailed data on devices sold since August 2013.
This is a very interesting topic because most phones stop receiving timely patches after the first year of release. Unless you root your phone and flash updated ROMs to get the latest Operating System or features, then your operational device gets left behind. Before carriers started offering leasing programs, they offered a 2-year contract. By the end of the contract most devices hadn’t received updates for six to eight months.
It hasn’t been reported on whether or not these companies will be fined or forced to an update schedule, but it could lead to setting up a precedent for future devices. A monthly release of patches would tremendously help device longevity, but could cut into the bottom line of these companies who make new versions of flagship phones yearly.
With mobile devices being used more frequently for shopping, banking and other personal matters, they need to be as secure as possible to prevent identity theft. It is however the user’s responsibility to be aware of vulnerabilities and bugs going around to help prevent becoming a victim. If you own one of these devices through a carrier, then this is a topic worth following to ensure you are getting the most out of the device you currently use.
Announcements and Resources
If you believe you may have had your credentials stolen, please check out haveibeenpwned.com and enter your email address
Advanced Persistent Security has partnered with the EC-Council to provide a discounted EC-Council Training Event to our readers and listeners. The codes are only good for the Hacker Halted event in Atlanta, GA September 11-14 and 15-16, 2016. Below are the codes, if you have any questions, Contact Us:
SEPTEMBER 11TH-14TH, 2016
$1,999 Courses if you register using discount code: HHAPSTRN
Choose one of the following courses and exams:
- Certified Ethical Hacker (C|EH)*
- Computer Hacking Forensic Investigator (C|HFI)*
- Certified Security Analyst (E|CSA/L|PT)*
- Certified Chief Information Security Officer (C|CISO)*
All courses include:
- Official Courseware
- 1 Complimentary Exam Voucher
- Certificate of attendance
- Lunch and coffee breaks throughout the duration of the training
- Complimentary Pass to Hacker Halted – Atlanta conference (September 15 & 16)
*Individual conference passes can be purchased for $35 (down from $199) Use code: HHAPSCON
Instructions for registration:
1) Click here
2) Fill in all the necessary info
3) Enter Qty (1) for conference pass – public
4) Enter promotional code HHAPSCON (for $35 Conference Passes) HHAPSTRN (for $1,999 Courses)
Recent APS Posts
Change Your Email Password Now!
Qatar Bank Breached After Bangladesh
Bangladesh Bank Loses 80 Million USD
Ransomware Infects Android 4.x
Spotify Allegedly Hacked…Again
MedStar Health Cybersecurity Fails to Prevent Attack
Ransomware Locks MBR
Iranian hackers hit with Federal charges
Spear Phishermen Target Corporate W-2 Data
4 Things to Know About Ransomware
Ransomware Hits Mac Computers
Thanks for stopping by and checking out our podcast. We would appreciate if you could subscribe (assuming you like what you hear; we think you will). This is meant to be informative and to provide value to anyone who listens – regardless of their knowledge and/or understanding of IT/Cybersecurity. To learn more about us, check out our “About Us” page.
If you have ANY Cybersecurity needs, please contact us and a member of our staff with promptly reply to your question or concern.