March 29, 2011 | By Chris Palmer

Mobile Carrier Delays Harm Internet Security

By delaying or even blocking security updates for mobile devices, mobile carriers put their users, their business, and the country’s critical infrastructure at unnecessary risk. Mobile security problems plague the entire software stack — the baseband, the kernel, the application frameworks, and the applications — and carriers continue to resist shipping regular and frequent updates.

For a specific example, consider the compromise of a Comodo certificate authority. The only “solution” for the problem of Comodo’s compromised CA is to update the browser and ship the new browser to every client computer. Without that update, browsers remain vulnerable to the hacker. While personal computer users might plausibly update their computers, mobile users have little or no control over the security status of their devices. There is unlikely to be any update they can get any time soon. Mobile devices will remain vulnerable to the fraudulent certificates for many months (or years) to come.

In fact, Ars Technica reported last week that Windows Phone 7 on AT&T is all but guaranteed to be months out of date at any given time — if it ever gets updates at all. Android and iPhone suffer from delayed updates as well.

Mobile carriers are chiefly to blame for this problem. Although Apple, Google, and Microsoft should develop security fixes faster, they are fundamentally limited by carrier intransigence.

Carriers should stop blocking frequent updates for mobile devices, and should work with subscribers and with platform vendors to ship security updates on an internet timescale.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

FBI Director Comey will testify tomorrow before Congress about "going dark." We've preemptively busted all his myths. eff.org/r.9vdh

Jul 7 @ 4:55pm

We're hiring an activist. Here's why you should apply to this dream job: https://eff.org/r.shdh

Jul 7 @ 4:49pm

WIPO continues to edge closer to a disastrous treaty that would hand new copyright-like rights to broadcasters: https://eff.org/r.ul9a

Jul 7 @ 4:05pm
JavaScript license information