Should enterprises ban Samsung devices in BYOD policies in light of recent discoveries concerning security vulnerabilities...
in the Samsung Android kernel that the company deployed on several popular devices? Is there a way to use those devices safely?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Samsung makes some of the most popular Android-based mobile devices in the world, and many of its devices are in use in enterprises. Samsung's smartphone efforts, however, are relatively new and its software development practices are immature. This was demonstrated when simple security vulnerabilities were recently found in some of its printers.
In this context, the recent discoveries concerning Android kernel vulnerabilities in Samsung smartphones further indicate that the South Korean tech giant needs to improve its software security development lifecycle. This particular Android kernel vulnerability enables an application or process to write directly to a device's memory, allowing an application or process to root the phone. These devices can still be used safely but should be placed on isolated networks to minimize the risk they pose.
One of the issues with mobile device security is that many users don't realize the embedded operating system (OS) needs to be patched or maintained. For smartphones, consumers rely on cellular carriers to push out updates to their devices, but carriers are typically slow with pushing these updates. Other devices, such as tablets, need to be updated manually with the latest firmware. Enterprises can detect if these devices are connected to their networks by performing vulnerability scans or by using passive vulnerability scanners that look for browser strings. Once these devices have been identified, tech support can tell users the steps they need to take to secure their devices, including updating the OS. Most enterprise patch management systems don't support these devices, so this can help manage the risk around allowing Samsung devices in a BYOD environment.
Related Q&A from Nick Lewis
As the Angler exploit kit evolves and adopts new functionality, it's becoming harder to detect and defend against. Enterprise threats expert Nick ...continue reading
A proof-of-concept attack on Apple's Siri allowed researchers to steal data from iOS. Learn more about the iStegSiri attack and how to defend against...continue reading
A new global email scam has cost enterprises millions. Expert Nick Lewis explains how to defend against man-in-the-email attacks with proper training...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.