Should enterprises ban Samsung devices in BYOD policies in light of recent discoveries concerning security vulnerabilities in the Samsung Android kernel that the company deployed on several popular devices? Is there a way to use those devices safely?
Ask the Expert
Have questions about enterprise information security threats for expert Nick Lewis? Send them via email today! (All questions are anonymous.)
Samsung makes some of the most popular Android-based mobile devices in the world, and many of its devices are in use in enterprises. Samsung's smartphone efforts, however, are relatively new and its software development practices are immature. This was demonstrated when simple security vulnerabilities were recently found in some of its printers.
In this context, the recent discoveries concerning Android kernel vulnerabilities in Samsung smartphones further indicate that the South Korean tech giant needs to improve its software security development lifecycle. This particular Android kernel vulnerability enables an application or process to write directly to a device's memory, allowing an application or process to root the phone. These devices can still be used safely but should be placed on isolated networks to minimize the risk they pose.
One of the issues with mobile device security is that many users don't realize the embedded operating system (OS) needs to be patched or maintained. For smartphones, consumers rely on cellular carriers to push out updates to their devices, but carriers are typically slow with pushing these updates. Other devices, such as tablets, need to be updated manually with the latest firmware. Enterprises can detect if these devices are connected to their networks by performing vulnerability scans or by using passive vulnerability scanners that look for browser strings. Once these devices have been identified, tech support can tell users the steps they need to take to secure their devices, including updating the OS. Most enterprise patch management systems don't support these devices, so this can help manage the risk around allowing Samsung devices in a BYOD environment.
Dig deeper on Smartphone and PDA Viruses and Threats-Setup and Tools
Related Q&A from Nick Lewis, Enterprise Threats
The Zeus malware is threatening RTF security by embedding itself in the file, which is commonly seen as safer than other file formats such as PDFs. ...continue reading
Enterprise threats expert Nick Lewis explains how to detect and avoid one of the most advanced malware threats: The Mask.continue reading
Hybrid threats are becoming an increasing issue for mobile devices. Enterprise threats expert Nick Lewis explains how to mitigate the risk.continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.