Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-25020 | WIR-MOS-AND-041 | SV-34999r1_rule | ECWN-1 | Low |
Description |
---|
The Wi-Fi radio can be used by a hacker to connect to the smartphone without the knowledge of the user. Sensitive DoD data could be exposed and the hacker could use the device to attack the enclave. |
STIG | Date |
---|---|
Android 2.2 (Dell) Security Technical Implementation Guide | 2014-08-26 |
Check Text ( C-34875r1_chk ) |
---|
The user will never enable the Wi-Fi radio unless authorized to use Wi-Fi (User Based Enforcement (UBE)). If Wi-Fi use is authorized, the user should turn-off the smartphone Wi-Fi radio whenever Wi-Fi service is not needed. On a sample of site-managed Android devices (pick 3-4 random devices), verify the Wi-Fi radio is turned off. -Have the user turn on and log into the device. -Go to Settings > Wireless & networks > Wi-Fi. Wi-Fi should be turned off. Mark as a finding if configuration is not set as required. |
Fix Text (F-27691r4_fix) |
---|
Train user to disable the CMD Wi-Fi radio unless Wi-Fi connectivity is desired for a known authorized Wi-Fi connection. |