Popular tablets have worrying security flaws
- 08 October, 2012 12:02
Serious security flaws in the Samsung Galaxy Tab tablet device make it difficult to recommend for use in the enterprise, raising concerns for organisations looking to introduce bring-your-own-device (BYOD) policies, according to a new study.
The research – published by Context Information Security – also looked at the enterprise security features of competing devices, the Apple iPad and RIM BlackBerry PlayBook.
It found that although these devices performed better than the Samsung Galaxy Tab in relation to security controls, “they both have security problems including desktop software that does not encrypt backups by default.”
Context investigated several security controls to determine if they were suitable for enterprise use. These included data protection, software integrity and updates, access control, security configuration profiles and connectivity, and backup and synchronisation.
The Samsung Galaxy Tab doesn’t ship with a locked bootloader and its disk encryption scheme has vulnerabilities. Even when encryption is enabled on the Galaxy, it allows badly written apps to store sensitive information on the unencrypted SD card, the report said.
A lack of enterprise-level management tools beyond Microsoft Exchange ActiveSync also means it’s difficult to manage more than a small number of Galaxy Tabs in an enterprise environment, the report said. The Apple iPad also shares this problem with the Apple tools that are available, the report added.
The report's author, Jonathon Roach, said the tablet’s format is perfect for social networking and creating a sharing documents, presentations and other content on-the-fly “but the same characteristics also present tough security challenges for organisations.
“Context’s research suggests that most tablet manufacturers still have a way to go before their products can deliver the high levels of security required for use in most corporate enterprises,” Roach said.
Despite these issues, Context found that all three tablets have reasonably good support for Microsoft Exchange ActiveSync, which means that core security configurations can be managed from a central Exchange server.
The company said the BlackBerry was “far more advanced in its level of readiness for BYOD than the other two tablets and provided excellent logical and data separation between work and personal modes.
Whether or not the Samsung Galaxy Tab is suitable for the enterprise may be the least of Samsung’s problems.
The company is locked in a legal battle with Apple over patents and in August, a jury in California found it had improperly violated patented technology in the iPhone and iPad. Apple was awarded US$1.05 billion in damages.
A fresh battle may emerge between the two companies after The Wall Street Journal reported today that Samsung planned to run a television commercial that “pokes fun at Apple’s iPhone 5” in Australia and New Zealand. A similar commercial is being run in the US.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.
Why change management doesn’t work
Larry Page wants to see your medical records
Dual-Persona Smartphones Not a BYOD Panacea
After two-year hiatus, EFF accepts bitcoin donations again
CIOs struggle to deliver timely mobile business apps: survey
Advanced Persistent Threats and Real-Time Threat Management
Businesses face a constantly evolving threat landscape. One of the greatest challenges is presented by advanced persistent threats (APTs), which are sophisticated, multi‐faceted attacks targeting a particular organisation. Mitigating the risk of APTs requires advances beyond traditional layered security to include real‐time threat management. This whitepaper describes the nature of APTs, the risks they pose to businesses, and techniques for blocking, detecting, and containing APTs and other emerging threats. Read now.
Hybrid IT Service Management: A Requirement for Virtualisation and Cloud Computing
When competition is tough and resources are limited, corporate leaders are depending on growing their existing capabilities in order to grow their business. Information technology can be a unique catalyst for business growth, delivering a competitive advantage when creatively applied to established and emerging problems. Read more on what trends are accelerating the value of IT.
Endpoint Protection Overview
With the exponential growth and sophistication of malware today, the security industry can no longer afford to ‘bury its head in the sand’. The bottom line is that traditional endpoint security protection is now ineffective due to the sheer volume, quality, and complexity of malware. This paper looks at this problem and how Webroot, by going back to the drawing board on countering malware threats, is revolutionising endpoint protection and solving the issues that hinder existing endpoint security solutions. Download now.