Check: KNOX-09-000595
Samsung Android OS 9 with Knox 3.x COPE Use Case KPE(Legacy) Deployment STIG:
KNOX-09-000595
(in versions v1 r5 through v1 r1)
Title
Samsung Android Workspace must be configured to disable automatic completion of Samsung Internet browser text input. (Cat II impact)
Discussion
The autofill functionality in the web browser allows the user to complete a form that contains sensitive information, such as personally identifiable information (PII), without previous knowledge of the information. By allowing the use of autofill functionality, an adversary who learns a user's Samsung Android device password, or who otherwise is able to unlock the device, may be able to further breach other systems by relying on the autofill feature to provide information unknown to the adversary. By disabling the autofill functionality, the risk of an adversary gaining further information about the device's user or compromising other systems is significantly mitigated. SFR ID: FMT_SMF_EXT.1.1 #47
Check Content
Review the Samsung Android Workspace configuration settings to confirm that automatic completion of Samsung Internet app text input is disabled. This procedure is performed on both the MDM Administration console and the Samsung Android device. On the MDM console, for the Workspace, in the "Knox restrictions" group, verify that "allow autofill" is not selected. On the Samsung Android device, do the following: 1. From the "Workspace" App screen, launch the "Samsung Internet" app. 2. From the collapsed menu icon (three horizontal bars) on the toolbar, tap "Settings". 3. Tap "Privacy and security". 4. Verify that "Autofill forms" is disabled and cannot be enabled. If on the MDM console "allow autofill" is selected, or if on the Samsung Android device "Autofill forms" can be enabled by the user, this is a finding.
Fix Text
Configure Samsung Android Workspace to disable automatic completion of Samsung Internet app text input. On the MDM console, for the Workspace, in the "Knox restrictions" group, unselect "allow autofill".
Additional Identifiers
Rule ID: SV-217813r388482_rule
Vulnerability ID: V-217813
Group Title: PP-MDF-991000
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-000366 |
The organization implements the security configuration settings. |
Controls
Number | Title |
---|---|
CM-6 |
Configuration Settings |