WASHINGTON, May 9 (Reuters) - The Federal Communications Commission and Federal Trade Commission have asked mobile phone carriers and manufacturers to explain how they release security updates amid mounting concerns over security vulnerabilities, the U.S. agencies said on Monday.
The agencies have written to Apple Inc, AT&T Inc and Alphabet Inc, among others, in order "to better understand, and ultimately to improve, the security of mobile devices," the FCC said.
The FCC sent letters to six mobile phone carriers on security issues, while the FTC ordered eight mobile device manufacturers including BlackBerry Ltd, Microsoft Corp , LG Electronics USA Inc and Samsung Electronics America Inc to disclose "the factors that they consider in deciding whether to patch a vulnerability on a particular mobile device."
(MAIN) 2016 issues: Privacy
US investigates security of mobile devices
WASHINGTON, DC - APRIL 29: People wait in line in a steady rain to enter the Supreme Court Tuesday morning. The court takes on the issue of privacy in digital age with cases about police searches of cellphones without warrants on April 29, 2014 in Washington, DC. (Photo by Jonathan Newton / The Washington Post via Getty Images)
CLINTON, IA - AUGUST 16: Democratic presidential candidate U.S. Sen. Bernie Sanders (I-VT) holds up his mobile phone while answering a question about privacy issues during a campaign event at the IAFF Local 809 Union Hall August 16, 2015 in Clinton, Iowa. Sanders was scheduled for a full day of campaigning in eastern Iowa today. (Photo by Win McNamee/Getty Images)
NSA former intelligence contractor Edward Snowden talks as he participates via video link from Russia (Above) to a parliamentary hearing on the subject of 'Improving the protection of whistleblowers', held by Dutch rapporteur Pieter Omtzigt (Bottom C) on June 23, 2015, at the Council of Europe in Strasbourg, northeastern France. Snowden, who has been granted asylum in Russia, is being sought by Washington which has branded him a hacker and a traitor who endangered lives by revealing the extent of the NSA spying program. AFP PHOTO / FREDERICK FLORIN (Photo credit should read FREDERICK FLORIN/AFP/Getty Images)
WASHINGTON, DC - JUNE 01: U.S. Sen. Rand Paul (R-KY) heads back to his office after two television interviews in the Russell Senate Office Building on Capitol Hill June 1, 2015 in Washington, DC. In protest of the National Security Agency's sweeping program to collect U.S. citizens' telephone metadata, Paul blocked an extension of some parts of the USA PATRIOT Act, allowing them to lapse at 12:01 a.m. Monday. The Senate will continue to work to restore the lapsed authorities by amending a House version of the bill and getting it to President Obama later this week. (Photo by Chip Somodevilla/Getty Images)
WASHINGTON, DC - FEBRUARY 23: National Security Agency Director Adm. Mike Rogers speaks about cyber security at The New America Fondations cyber security conference at the Ronald Reagan building February 23, 2014 in Washington, DC. The day-long conference brings together experts and practitioners from various sectors to discuss a wide range of cybersecurity issues. (Photo by Mark Wilson/Getty Images)
WASHINGTON, DC - JANUARY 17: Alli McCracken joins activists protesting the surveillance of U.S. citizens by the NSA outside the Justice Department where U.S. President Barack Obama gave a major speech on reforming the NSA January 17, 2014 in Washington, DC. Obama was expected to announce reforms including a requirement by intelligence agencies to obtain permission from a secret court before utilizing access to telephonic data gathered on U.S. citizens. (Photo by Win McNamee/Getty Images)
WASHINGTON, DC - DECEMBER 11: (L to R) Director of the National Security Agency Gen. Keith Alexander, Deputy Attorney General James Cole, and general counsel of the Office of the Director of National Intelligence Robert Litt testify during a hearing before the Senate Judiciary Committee December 11, 2013 on Capitol Hill in Washington, DC. The committee held the hearing on 'Continued Oversight of U.S. Government Surveillance Authorities.' (Photo by Alex Wong/Getty Images)
Chris Christie, governor of New Jersey, speaks during a town hall meeting in Cedar Rapids, Iowa, U.S., on Friday, June 12, 2015. Christie, wooing Iowans, ripped federal lawmakers who he said used their opposition to renewing the Patriot Act as a fundraising pitch. Photographer: Daniel Acker/Bloomberg via Getty Images
WASHINGTON, DC - OCTOBER 26: Hundreds gather for a rally and march to stop NSA surveillance and government monitoring near the U.S. Capitol on Saturday, October 26, 2013, in Washington, DC. Today is the 12th anniversary of the signing of the USA Patriot Act. (Photo by Jahi Chikwendiu/The Washington Post via Getty Images)
WASHINGTON, DC - MAY 31: (L - R) Rep. Thomas Massie (R-KY) listens as Sen. Rand Paul (R-KY) speaks to reporters after exiting the Senate chamber, on Capitol Hill, May 31, 2015 in Washington, DC. The National Security Agency's authority to collect bulk telephone data is set to expire June 1, unless the Senate can come to an agreement to extend the surveillance programs. (Photo by Drew Angerer/Getty Images)
Discover More Like This
BACK TO SLIDE
The FTC also seeks "detailed data on the specific mobile devices they have offered for sale to consumers since August 2013" and "the vulnerabilities that have affected those devices; and whether and when the company patched such vulnerabilities."
The agencies are opening the inquiry about how mobile carriers and manufacturers handle security updates for mobile devices because consumers and businesses are conducting a growing amount of daily activities on mobile devices and new questions have been raised about how the security of mobile communications.
The "safety of their communications and other personal information is directly related to the security of the devices they use," the FCC said. "There have recently been a growing number of vulnerabilities associated with mobile operating systems that threaten the security and integrity of a user's device."
The FCC said it sent letters to mobile carriers including AT&T, Verizon Communications Inc, Sprint Corp, U.S. Cellular Corp, Tracfone Wireless, which is owned by America Movil SAB, and T-Mobile US, which is owned by Deutsche Telekom, "asking questions about their processes for reviewing and releasing security updates for mobile devices."
The companies must respond to the FCC and FTC questions within 45 days.
There were more than 355 million U.S. mobile wireless devices in use in 2014, the FCC said in a December report. The agency said that number had risen to 382 million by mid-2015, citing company disclosures.
The FCC noted that a vulnerability called "Stagefright" in the Android operating system could affect almost 1 billion Android devices globally. Reuters reported in August that Google and Samsung planned to release monthly security fixes for Android phones.
The change came after security researcher Joshua Drake found a vulnerability that could allow attackers to send a special multimedia message to an Android phone and access sensitive content even if the message is unopened.
Google did not immediately comment on Monday. Apple declined to comment.
Consumers may be left unprotected, potentially indefinitely, by any delays in patching vulnerabilities, the FCC said.
John Marinho, vice president for cybersecurity at CTIA, a wireless trade group, said in a statement that "customers' security remains a top priority for wireless companies, and there is a very strong partnership among carriers." (Editing by Bernadette Baum and Matthew Lewis)