Should enterprises ban Samsung devices in BYOD policies in light of recent discoveries concerning security vulnerabilities...
in the Samsung Android kernel that the company deployed on several popular devices? Is there a way to use those devices safely?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Samsung makes some of the most popular Android-based mobile devices in the world, and many of its devices are in use in enterprises. Samsung's smartphone efforts, however, are relatively new and its software development practices are immature. This was demonstrated when simple security vulnerabilities were recently found in some of its printers.
In this context, the recent discoveries concerning Android kernel vulnerabilities in Samsung smartphones further indicate that the South Korean tech giant needs to improve its software security development lifecycle. This particular Android kernel vulnerability enables an application or process to write directly to a device's memory, allowing an application or process to root the phone. These devices can still be used safely but should be placed on isolated networks to minimize the risk they pose.
One of the issues with mobile device security is that many users don't realize the embedded operating system (OS) needs to be patched or maintained. For smartphones, consumers rely on cellular carriers to push out updates to their devices, but carriers are typically slow with pushing these updates. Other devices, such as tablets, need to be updated manually with the latest firmware. Enterprises can detect if these devices are connected to their networks by performing vulnerability scans or by using passive vulnerability scanners that look for browser strings. Once these devices have been identified, tech support can tell users the steps they need to take to secure their devices, including updating the OS. Most enterprise patch management systems don't support these devices, so this can help manage the risk around allowing Samsung devices in a BYOD environment.
Dig Deeper on Smartphone and PDA Viruses and Threats-Setup and Tools
Related Q&A from Nick Lewis
Latentbot malware has layers of obfuscation that makes it hard to detect. Expert Nick Lewis explains how its process works, beginning with a phishing...continue reading
A hard to detect type of Linux malware, Rekoobe, can download files to user systems. Expert Nick Lewis explains the malware's key functionality and ...continue reading
Pro POS, a new type of POS malware, has simple operations and is easy to obtain. How was it so successful against businesses? Expert Nick Lewis ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.