UCF STIG Viewer Logo

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a pre-shared key.


Overview

Finding ID Version Rule ID IA Controls Severity
V-99951 KNOX-10-004200 SV-109055r1_rule Medium
Description
If no authentication is required to establish personal hotspot connections, an adversary may be able to use that device to perform attacks on other devices or networks without detection. A sophisticated adversary may also be able to exploit unknown system vulnerabilities to access information and computing resources on the device. Requiring authentication to establish personal hotspot connections mitigates this risk. Application note: If hotspot functionality is permitted, it must be authenticated via a pre-shared key. There is no requirement to enable hotspot functionality. SFR ID: FMT_SMF_EXT.1.1 #41a
STIG Date
Samsung Android OS 10 with Knox 3.x Security Technical Implementation Guide 2020-03-24

Details

Check Text ( C-98801r1_chk )
Review Samsung Android configuration settings to determine if the mobile device has enabled authentication of personal hotspot connections to the device using a pre-shared key.

This validation procedure is performed on both the management tool Administration Console and the Samsung Android device.

On the management tool, in the device KPE restrictions section, verify that "Unsecured hotspot" is set to "Disallow".

On the Samsung Android device, do the following:
1. Open Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot >> (overflow menu) >> Configure Mobile Hotspot.
2. Tap option "Open" in the "Security" drop-down box.
3. Verify that "Save" is disabled.

If on the management tool "Unsecured hotspot" is not set to "Disallow", or on the Samsung Android device "Open" can be selected in the "Security" drop-down box and the configuration can be saved, this is a finding.
Fix Text (F-105635r1_fix)
Configure Samsung Android to enable authentication of personal hotspot connections to the device using a pre-shared key.

On the management tool, in the device KPE restrictions section, set "Unsecured hotspot" to "Disallow".