US regulators probe Apple, Google, Verizon & others on security patches

Posted:
in iPhone
A variety of wireless carriers and smartphone and tablet makers, including Apple, are reportedly being asked by U.S. regulators to explain how they review and push out security updates to their customers.




The issue is being examined by both the Federal Communications Commission and the Federal Trade Commission, Bloomberg said. The FCC has sent out letters to AT&T, Verizon, T-Mobile, Sprint, U.S. Cellular, and TracFone Wireless. The FTC, meanwhile, has issued orders to Apple, Google, BlackBerry, HTC, LG, Microsoft, Motorola, and Samsung.

At stake are the potential vulnerabilities left open by delaying a fix. While Google regularly updates Android, for instance, companies like HTC and Samsung often use custom skins and apps that can postpone those changes coming to their own devices -- if they arrive at all, in the case of older hardware. Carriers can sometimes impose their own delays on when updates reach customers.

As an example the FCC made specific reference to Android's "Stagefright" vulnerability, which it said could be affecting up to a billion devices. Google has worked to patched the problem but many devices may still be at risk because of slow third-party support.

Both Apple and Google issue point releases to fix critical bugs and vulnerabilities, but will also sometimes hold off on less serious problems until code can be wrapped into a planned update.

The FTC said that the information it wants includes the factors used in deciding whether to patch a hole, details on devices sold since August 2013, and which vulnerabilities have impacted those products, as well as whether they've been solved.

Comments

  • Reply 1 of 12
    r00fus1r00fus1 Posts: 65member
    Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.
    stevehjony0
  • Reply 2 of 12
    foggyhillfoggyhill Posts: 4,767member
    In the case of Android, they didn't a fuck about their customer when they set up their OS; and now they blame the OEM who makes 2% of their phones while being slaves to Google...

    Google by not allowing OEM's to fork Android has removed the incentive for them to sell anything but new phones.

    People like you keep getting Google off the hook when they're mostly responsible for this shit happening in the first place.
    jbdragon
  • Reply 3 of 12
    lkrupplkrupp Posts: 6,530member
    Wait... What? The government is investigating whether technology companies issue security patches in a timely matter, and then turns right around and demands back doors to get around those very patches so they can hack a device at will? Is that what’s going on here? And they want to know about any vulnerabilities and whether they have been solved? Isn’t that just giving the henhouse key to the fox?
    baconstangmwhitegatorguystevehjbdragonjony0jackansi
  • Reply 4 of 12
    foggyhillfoggyhill Posts: 4,767member
    r00fus1 said:
    Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.
    Get a clue, the reason its like that is that OEM and phone company can barely make a buck off new phones let alone supporting old phones and Google fucked up in the way they intially created the OS.

    Not allowing OEM's to actually be able to take control of their own version of Android (thus anti trust investigations) explains why they don't give a crap.

    Google set up things to be the way they are and now you're whining about the OEM not spending their last bit of profits supporting old phones!

    If they OEM's have to lose money to support those old phones, most will just fold and there will be not selection left in the Android space at all except maybe conglomerates like Samsung and LG.
    jbdragonjony0
  • Reply 5 of 12
    adrayvenadrayven Posts: 460member
    foggyhill said:
    r00fus1 said:
    Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.
    Get a clue, the reason its like that is that OEM and phone company can barely make a buck off new phones let alone supporting old phones and Google fucked up in the way they intially created the OS.

    Not allowing OEM's to actually be able to take control of their own version of Android (thus anti trust investigations) explains why they don't give a crap.

    Google set up things to be the way they are and now you're whining about the OEM not spending their last bit of profits supporting old phones!

    If they OEM's have to lose money to support those old phones, most will just fold and there will be not selection left in the Android space at all except maybe conglomerates like Samsung and LG.
    Get a clue.. Android allowed that until 4.0, and it was HORRIFIC.. OEM's having control doesn't mean they will do crap. They just let things fall behind even further..

    It wasn't util Google stepped up and started pushing that HTC ACTUALLY started pushing out updates.. I remember the first versions of the HTC Android phones from Sprint. They got 2, read it, 2 minor updates and then they realized if they kept updating people might not buy new..

    OEM's have never had much incentive period. Trying to make it sound like Google is the reason is stupid. Also, Google doesn't control the cost of hardware or the market's costs.. They have never charged any of the OEM's for the OS either.. The profits, or lack their of, is completely on the OEM's.

    Thats like saying that a free a car is the reason your late for work. Bulk of the responsibility is on the OEM, not Google. Google can only hand them to tools to do it right, they can only push so much before it's up to the OEM to do the right thing.
    edited May 2016 king editor the grate
  • Reply 6 of 12
    ericthehalfbeeericthehalfbee Posts: 3,916member
    So why is Apple being included in that list?

    Is it so they have a gold standard to compare all others to? To make it appear they aren't just targeting Android device makers?

    Or are they really that clueless about how updates occur and are in for a rude awakening when they see the huge disparity between iOS and Android?
    jbdragonjony0
  • Reply 7 of 12
    boltsfan17boltsfan17 Posts: 2,066member
    lkrupp said:
    Wait... What? The government is investigating whether technology companies issue security patches in a timely matter, and then turns right around and demands back doors to get around those very patches so they can hack a device at will? Is that what’s going on here? And they want to know about any vulnerabilities and whether they have been solved? Isn’t that just giving the henhouse key to the fox?
    Our tax dollars hard at work. 
    jbdragon
  • Reply 8 of 12
    sflocalsflocal Posts: 4,334member
    foggyhill said:
    r00fus1 said:
    Yesss! It's pitiable that Android handset manufacturers can get away with delaying critical security patches for months (that is months after Google patches Android which may take weeks or months as well) while raking in billions in revenue selling insecure devices. I have friends and family who will never own Apple devices, and while I think Apple devices are more secure, those who use Android shouldn't be made to suffer because their manufacturer is playing fast and loose with updates.
    Get a clue, the reason its like that is that OEM and phone company can barely make a buck off new phones let alone supporting old phones and Google fucked up in the way they intially created the OS.

    Not allowing OEM's to actually be able to take control of their own version of Android (thus anti trust investigations) explains why they don't give a crap.

    Google set up things to be the way they are and now you're whining about the OEM not spending their last bit of profits supporting old phones!

    If they OEM's have to lose money to support those old phones, most will just fold and there will be not selection left in the Android space at all except maybe conglomerates like Samsung and LG.
    I can't believe you have me defending Google!  I find it odd that you think the handset makers forking/bastardizing Android is better for the OS?!  They can barely make a decent phone, let alone have the software talent to maintain something so complex.  What WILL happen in your scenario are that the handset makers will fork Android so bad, that they will literally lock out everything and that they will only allow apps through their own brand-specific App store.  They only make money on the handsets.  There is ZERO incentive for the handset makers to go back and support a device over 6 months old.  ZERO!  

    I mean really... the reasons are so obvious, I'm really surprised you are even implying that it would be better.

    Android is a mess because Google wants consistency and the handset makers just want to wreck it for their own, personal gain.  The handset makers proved to me that they would be the worse since it's obvious they have zero ability and/or incentive RIGHT NOW to update the OS on their older handsets.  I mean really... WTF??
    dasanman69gatorguy
  • Reply 9 of 12
    SpamSandwichSpamSandwich Posts: 30,395member
    lkrupp said:
    Wait... What? The government is investigating whether technology companies issue security patches in a timely matter, and then turns right around and demands back doors to get around those very patches so they can hack a device at will? Is that what’s going on here? And they want to know about any vulnerabilities and whether they have been solved? Isn’t that just giving the henhouse key to the fox?
    Believe it or not, government is just a name for the thousands of people who operate with their own individual agendas and self-interest. There is no "hive mind".
    edited May 2016 chasmanantksundaramjony0
  • Reply 10 of 12
    The notion that older Android devices can even be patched at all is a flimsy one.

    These are manufacturers who put out a myriad of devices, many of which only exist as a singular product, a carrier-specific sku or a one-time promotional differentiator. We're talking hundreds to thousands of models from each manufacturer.

    There is simply insufficient resources to go over each and every Android device and patch them. The people who may be knowledgeable for such devices may have even moved on entirely.

    The problem is mirrored by developing for Android, where similar fragmentation and inconsistent quality of sensors across devices force developers into lengthy testing and revision processes.

    We're talking about a scenario where even the latest devices are not running a recent version of Android, and even receiving a single patch is of low probability.
    edited May 2016
  • Reply 11 of 12
    ttollertonttollerton Posts: 163member
    Let me see if I understand this.

    1. The federal government has issued multiple sets of orders and guidance to enhance sharing of threat and vulnerability information between the public and private sectors.  

    2. The federal government is not releasing knowledge of the vulnerability used to hack into an iPhone so they can use it again.  

    3. The federal government is investigating Apple for how effective they are at patching vulnerabilities.  

    Neat. 
    adonissmupalominejackansi
  • Reply 12 of 12
    adonissmuadonissmu Posts: 1,772member
    Wait wait wait... The government was just complaining about not being able to break into Apple's products in court. Now they think the phones should be patched up ASAP or else.... 
Sign In or Register to comment.