Title

If smartphone email auto signatures are used, the signature message must not disclose the email originated from a smartphone (e.g., “Sent From My Wireless Handheld”). (Cat III impact)

Discussion

The disclaimer message may give information which may key an attacker in on the device.

Check Content

Verify the auto-signature, if used, meets requirements. -Check a random sample of 3-4 devices. -On the handheld, launch the Good client and go to Preferences > Signature. Mark as a finding if the device has been configured with an auto-signature and signature states the email originated from a smartphone.

Fix Text

Configure the iOS email auto-signature message, so it does not disclose the email originated from the iOS device (e.g., Sent From My Wireless Handheld).

Additional Identifiers

Rule ID: SV-35014r1_rule

Vulnerability ID: V-24984

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.