The mobile operating system must prohibit remote activation of collaborative computing functions, including microphones, cameras, and networked white boards without user concurrence.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-33164 | SRG-OS-000175-MOS-000097 | SV-43562r1_rule | Medium |
| Description |
|---|
| If an adversary can remotely activate collaborative computing functions, the adversary may be able to listen to the user's conversations, obtain visual data about the user's surroundings, or read sensitive information on the display of the user's device. To mitigate these risks, only a user in immediate possession of the device should be able to activate these functions. |
| STIG | Date |
|---|---|
| Mobile Operating System Security Requirements Guide | 2013-07-03 |
Details
| Check Text ( C-41424r1_chk ) |
|---|
| Review system documentation and both operating system and application configuration to determine if it is possible to remotely activate collaborative computing functions. Also, review IA information resources to determine if such vulnerabilities have been reported on devices running this operating system. If it is possible to remotely activate a collaborative computing function, this is a finding. |
| Fix Text (F-37064r1_fix) |
|---|
| Configure the operating system and relevant applications to prohibit remote activation of collaborative computing functions. |