March 29, 2011 | By Chris Palmer

Mobile Carrier Delays Harm Internet Security

By delaying or even blocking security updates for mobile devices, mobile carriers put their users, their business, and the country’s critical infrastructure at unnecessary risk. Mobile security problems plague the entire software stack — the baseband, the kernel, the application frameworks, and the applications — and carriers continue to resist shipping regular and frequent updates.

For a specific example, consider the compromise of a Comodo certificate authority. The only “solution” for the problem of Comodo’s compromised CA is to update the browser and ship the new browser to every client computer. Without that update, browsers remain vulnerable to the hacker. While personal computer users might plausibly update their computers, mobile users have little or no control over the security status of their devices. There is unlikely to be any update they can get any time soon. Mobile devices will remain vulnerable to the fraudulent certificates for many months (or years) to come.

In fact, Ars Technica reported last week that Windows Phone 7 on AT&T is all but guaranteed to be months out of date at any given time — if it ever gets updates at all. Android and iPhone suffer from delayed updates as well.

Mobile carriers are chiefly to blame for this problem. Although Apple, Google, and Microsoft should develop security fixes faster, they are fundamentally limited by carrier intransigence.

Carriers should stop blocking frequent updates for mobile devices, and should work with subscribers and with platform vendors to ship security updates on an internet timescale.


Deeplinks Topics

Stay in Touch

NSA Spying

EFF is leading the fight against the NSA's illegal mass surveillance program. Learn more about what the program is, how it works, and what you can do.

Follow EFF

You can support EFF and get DRM-free ebooks about hacking in the Humble Book Bundle featuring @nostarch! https://www.humblebundle.com/...

May 3 @ 3:30pm

Tell your senators to stand up for consumers’ rights and fight forced arbitration. https://www.eff.org/deeplinks...

May 3 @ 2:49pm

The problems with DRM go so much deeper than limiting what you can do with your movies and music. https://www.eff.org/deeplinks... #DayAgainstDRM

May 3 @ 2:38pm
JavaScript license information