Q

Should Android kernel vulnerabilities make enterprises avoid Samsung?

Expert Nick Lewis discusses the threat and significance of Android kernel vulnerabilities found in popular Samsung mobile devices.

Should enterprises ban Samsung devices in BYOD policies in light of recent discoveries concerning security vulnerabilities in the Samsung Android kernel that the company deployed on several popular devices? Is there a way to use those devices safely?


Samsung makes some of the most popular Android-based mobile devices in the world, and many of its devices are in use in enterprises. Samsung's smartphone efforts, however, are relatively new and its software development practices are immature. This was demonstrated when simple security vulnerabilities were recently found in some of its printers.

In this context, the recent discoveries concerning Android kernel vulnerabilities in Samsung smartphones further indicate that the South Korean tech giant needs to improve its software security development lifecycle. This particular Android kernel vulnerability enables an application or process to write directly to a device's memory, which in turn allows that application or process to root the phone. These devices can still be used safely but should be placed on isolated networks to minimize the risk they pose.

One of the issues with mobile device security is that many users don't realize the embedded operating system (OS) needs to be patched or maintained. For smartphones, consumers rely on cellular carriers to push out updates to their devices, but carriers are typically slow to push these updates. Other devices, such as tablets, need to be updated manually with the latest firmware. Enterprises can detect if these devices are connected to their networks by performing vulnerability scans or by using passive vulnerability scanners that look for browser strings. Once these devices have been identified, tech support can tell users the steps they need to take to secure their devices, including updating the OS. Most enterprise patch management systems don't support these devices, so this process of identifying devices and notifying their users can help manage the risk around allowing Samsung devices in a BYOD environment.
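The passive, browser-string approach described above can be sketched as follows. This is an added example, not code from the original article: it assumes web proxy logs in combined log format, and the log lines, the regular expressions and the list of Samsung model prefixes are assumptions made for illustration.

```python
import re

# Assumption: combined log format, with the User-Agent as the last quoted field.
LOG_RE = re.compile(r'^(?P<client>\S+) .*"(?P<ua>[^"]*)"\s*$')
# Android browser strings carry "Android <version>; ...; <model> Build/<id>".
UA_RE = re.compile(
    r"Android (?P<version>[\d.]+);(?:[^;)]*;)*\s*"
    r"(?P<model>[^;)]+?)\s+Build/(?P<build>[\w.-]+)"
)
# Assumption: model-number prefixes commonly seen on Samsung phones and tablets.
SAMSUNG_PREFIXES = ("GT-", "SM-", "SCH-", "SGH-", "SPH-", "SHV-")

# Constructed sample proxy log lines (not real traffic).
SAMPLE_LOG = [
    '10.20.30.41 - - [12/Jun/2013:09:14:02 +0000] "GET http://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"',
    '10.20.30.41 - - [12/Jun/2013:09:14:09 +0000] "GET http://example.com/a HTTP/1.1" 200 128 "-" "Mozilla/5.0 (Linux; U; Android 4.1.2; en-us; GT-I9300 Build/JZO54K) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Mobile Safari/534.30"',
    '10.20.30.57 - - [12/Jun/2013:09:15:40 +0000] "GET http://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 4.2.2; Nexus 7 Build/JDQ39) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Safari/537.36"',
    '10.20.30.63 - - [12/Jun/2013:09:16:11 +0000] "GET http://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.110 Safari/537.36"',
    '10.20.30.78 - - [12/Jun/2013:09:17:55 +0000] "GET http://example.com/ HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Linux; Android 4.0.4; SCH-I535 Build/IMM76D) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/27.0.1453.90 Mobile Safari/537.36"',
    'truncated or malformed line without a user agent',
]

def parse_device(user_agent):
    """Return (model, android_version, build_id), or None if not an Android browser string."""
    m = UA_RE.search(user_agent)
    if not m:
        return None
    return m.group("model"), m.group("version"), m.group("build")

def samsung_inventory(lines):
    """Return sorted, de-duplicated (client, model, version, build) tuples for Samsung devices."""
    seen = set()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that do not parse instead of failing the whole run
        device = parse_device(m.group("ua"))
        if device and device[0].upper().startswith(SAMSUNG_PREFIXES):
            seen.add((m.group("client"),) + device)
    return sorted(seen)

if __name__ == "__main__":
    for client, model, version, build in samsung_inventory(SAMPLE_LOG):
        print(f"{client}: Samsung {model}, Android {version}, build {build}")
```

Browser strings are supplied by the client, so the output is an inventory lead for tech support to follow up on, not proof of a device's patch level. Devices that never send web traffic through the monitored point will not appear in it.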

This was first published in June 2013
