An error occurred:

Check: LGA6-20-103101

LG Android 6-x STIG: LGA6-20-103101 (in versions v1 r2 through v1 r1)

Title

LG Android 6.x must be configured to disable automatic updates of system software. (Cat II impact)

Discussion

FOTA allows the user to download and install firmware updates over-the-air. These updates can include OS upgrades, security patches, bug fixes, new features and applications. Since the updates are controlled by the carriers, DoD will not have an opportunity to review and update policies prior to update availability to end users. Disabling FOTA will mitigate the risk of allowing users access to applications that could compromise DoD sensitive data. After reviewing the update and adjusting any necessary policies (i.e., disabling applications determined to pose risk), the administrator can re-enable FOTA. SFR ID: FMT_SMF_EXT.1.1 #45

Check Content

This validation procedure is performed on both the MDM Administration Console and the LG Android device. On the MDM console, do the following: 1. Ask the MDM administrator to display the list of unapproved core and preinstalled applications in the "Application blacklist configuration (launch)" setting in the MDM console. 2. Verify the FOTA client application (package name: com.lge.lgdmsclient) is on the blacklist. 3. Verify the policy has been assigned to all groups. On the LG Android device: 1. Unlock the device. 2. Open the device settings. 3. Navigate to Settings >> General >> About phone >> Software update (AT&T) (or System Updates for Verizon) 4. Verify the when the user clicks the "Software Update" the following message is displayed: "Cannot open this app by server policy." If on the MDM console in the "Application blacklist configuration (launch)" does not list the FOTA client or on the LG Android device the "Software Update" setting can be launched, this is a finding.

Fix Text

Configure the mobile operating system to disable automatic updates of system software. On the MDM Console, add the FOTA client application (package name: com.lge.lgdmsclient) in “Application blacklist (launch)" to disable automatic updates of system software.

Additional Identifiers

Rule ID: SV-81351r2_rule

Vulnerability ID: V-66861

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-000366

The organization implements the security configuration settings.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
CM-6

Configuration Settings