Title

LG Android 6.x must be configured to disable download mode. (Cat II impact)

Discussion

Download mode allows the firmware of the device to be flashed (updated) by the user. All updates should be controlled by the system administrator to ensure configuration control of the security baseline of the device. SFR ID: FMT_SMF_EXT.1.1 #45

Check Content

This validation procedure is performed on the MDM Administration Console. On the MDM console, do the following: 1. Ask the MDM administrator to display the "Allow Download mode" setting in the MDM console. 2. Verify the setting for the Download mode is disabled. 3. Verify the policy has been assigned to all groups. If on the MDM console "Allow download mode" setting is enabled, this is a finding.

Fix Text

Configure the mobile device to disable download mode. On the MDM Administration Console, disable the "Allow download mode" setting.

Additional Identifiers

Rule ID: SV-81385r2_rule

Vulnerability ID: V-66895

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.