UCF STIG Viewer Logo

Samsung Android must be configured to enable authentication of personal hotspot connections to the device using a preshared key.


Overview

Finding ID Version Rule ID IA Controls Severity
V-93909 KNOX-09-000945 SV-103995r1_rule Medium
Description
If no authentication is required to establish personal hotspot connections, an adversary may be able to use that device to perform attacks on other devices or networks without detection. A sophisticated adversary may also be able to exploit unknown system vulnerabilities to access information and computing resources on the device. Requiring authentication to establish personal hotspot connections mitigates this risk. Application note: If hotspot functionality is permitted, it must be authenticated via a preshared key. There is no requirement to enable hotspot functionality. SFR ID: FMT_SMF_EXT.1.1 #41a
STIG Date
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment Security Technical Implementation Guide 2020-05-15

Details

Check Text ( C-93227r1_chk )
Review device configuration to confirm that unsecured hotspots are disallowed.

This procedure is performed on both the MDM Administration console and the Samsung Android device.

On the MDM console, for the device, in the "Knox Wifi" group, verify that "allow unsecured hotspot" is not selected.

On the Samsung Android device, do the following:
1. Open Settings.
2. Tap "Connections".
3. Tap "Mobile Hotspot and Tethering".
4. Tap "Mobile Hotspot".
5. Tap Overflow menu (three vertical dots).
6. Tap "Configure Mobile Hotspot".
7. Tap "Open in Security drop down".
8. Verify that "Save" is disabled.

If on the MDM console "allow unsecured hotspot" is selected, or on the Samsung Android device an Open Mobile Hotspot configuration can be saved, this is a finding.
Fix Text (F-100157r1_fix)
Configure Samsung Android to disallow unsecured hotspots.

On the MDM console, in the Knox Wifi restrictions, unselect "allow unsecured hotspot".