In response to the FTC’s recent announcement of its intent to study security update practices within the mobile industry, Cesare Garlati, Chief Security Strategist of the prpl Foundation, former Vice President of mobile security at Trend Micro, and current co-chair of the Cloud Security Alliance Mobile Working Group, expressed a degree of frustration with the scope of project.
According to Garlati, “Mobile is now just a small fraction of the devices that surround us. In the years that passed since the FTC began publicly discussing this issue in 2013, the threat landscape has changed so much to be almost unrecognizable. This effort is a good first step, but it needs to have a much wider scope in order to be effective—every connected device could pose a threat, and the hyper-focus on mobile security updates simply isn’t enough. Every connected device needs a clear path for receiving these critical security updates. What good is it if your phone is up-to-date if your home access gateway has been exploited? What about all other consumer IoT devices? IoT is still very much in its infancy – with people eager to get their hands on the latest and greatest connected devices and manufacturers rushing to get them to market, and security is often an afterthought.