Should enterprises ban Samsung devices in BYOD policies in light of recent discoveries concerning security vulnerabilities
in the Samsung Android kernel that the company deployed on several popular devices? Is there a way to use those devices safely?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Samsung makes some of the most popular Android-based mobile devices in the world, and many of its devices are in use in enterprises. Samsung's smartphone efforts, however, are relatively new and its software development practices are immature. This was demonstrated when simple security vulnerabilities were recently found in some of its printers.
In this context, the recent discoveries concerning Android kernel vulnerabilities in Samsung smartphones further indicate that the South Korean tech giant needs to improve its software security development lifecycle. This particular Android kernel vulnerability enables an application or process to write directly to a device's memory, allowing an application or process to root the phone. These devices can still be used safely but should be placed on isolated networks to minimize the risk they pose.
One of the issues with mobile device security is that many users don't realize the embedded operating system (OS) needs to be patched or maintained. For smartphones, consumers rely on cellular carriers to push out updates to their devices, but carriers are typically slow with pushing these updates. Other devices, such as tablets, need to be updated manually with the latest firmware. Enterprises can detect if these devices are connected to their networks by performing vulnerability scans or by using passive vulnerability scanners that look for browser strings. Once these devices have been identified, tech support can tell users the steps they need to take to secure their devices, including updating the OS. Most enterprise patch management systems don't support these devices, so this can help manage the risk around allowing Samsung devices in a BYOD environment.
Dig deeper on Smartphone and PDA Viruses and Threats-Setup and Tools
Related Q&A from Nick Lewis, Enterprise Threats
Expert Nick Lewis explains how to avoid a detrimental VPN bypass flaw that allows malicious apps to infiltrate Android devices.continue reading
Expert Nick Lewis explains how to keep call center employees from getting duped by social engineering scams and pretexting.continue reading
Researchers reportedly succeeded in extracting decryption keys using sound-based attacks. Is this a threat enterprises should worry about?continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.