(Adds industry reaction, details of inquiries)
By David Shepardson
WASHINGTON, May 9 (Reuters) - The Federal Communications
Commission and Federal Trade Commission have asked mobile phone
carriers and manufacturers to explain how they release security
updates amid mounting concerns over security vulnerabilities,
the U.S. agencies said on Monday.
The agencies have written to Apple Inc AAPL.O , AT&T Inc (NYSE:T)
T.N and Alphabet Inc GOOGL.O , among others, in order "to
better understand, and ultimately to improve, the security of
mobile devices," the FCC said.
The FCC sent letters to six mobile phone carriers on
security issues, while the FTC ordered eight mobile device
manufacturers including BlackBerry Ltd BB.TO , Microsoft Corp
MSFT.O , LG Electronics USA Inc and Samsung Electronics (KS:005930) America
Inc SMELA.UL to disclose "the factors that they consider in
deciding whether to patch a vulnerability on a particular mobile
device."
The FTC also seeks "detailed data on the specific mobile
devices they have offered for sale to consumers since August
2013" and "the vulnerabilities that have affected those devices;
and whether and when the company patched such vulnerabilities."
The agencies are opening the inquiry about how mobile
carriers and manufacturers handle security updates for mobile
devices because consumers and businesses are conducting a
growing amount of daily activities on mobile devices and new
questions have been raised about how the security of mobile
communications.
The "safety of their communications and other personal
information is directly related to the security of the devices
they use," the FCC said. "There have recently been a growing
number of vulnerabilities associated with mobile operating
systems that threaten the security and integrity of a user's
device."
The FCC said it sent letters to mobile carriers including
AT&T, Verizon Communications Inc (NYSE:VZ) VZ.N , Sprint Corp S.N , U.S.
Cellular Corp USM.N , Tracfone Wireless, which is owned by
America Movil SAB AMXL.MX , and T-Mobile US TMUS.O , which is
owned by Deutsche Telekom DTEGn.DE , "asking questions about
their processes for reviewing and releasing security updates for
mobile devices."
The companies must respond to the FCC and FTC questions
within 45 days.
There were more than 355 million U.S. mobile wireless
devices in use in 2014, the FCC said in a December report. The
agency said that number had risen to 382 million by mid-2015,
citing company disclosures.
The FCC noted that a vulnerability called "Stagefright" in
the Android operating system could affect almost 1 billion
Android devices globally. Reuters reported in August that Google
and Samsung planned to release monthly security fixes for
Android phones.
The change came after security researcher Joshua Drake found
a vulnerability that could allow attackers to send a special
multimedia message to an Android phone and access sensitive
content even if the message is unopened.
Google did not immediately comment on Monday. Apple declined
to comment.
Consumers may be left unprotected, potentially indefinitely,
by any delays in patching vulnerabilities, the FCC said.
John Marinho, vice president for cybersecurity at CTIA, a
wireless trade group, said in a statement that "customers'
security remains a top priority for wireless companies, and
there is a very strong partnership among carriers."
(Editing by Bernadette Baum and Matthew Lewis)