The Samsung Android 7 with Knox platform must implement the management setting: Disable Samsung WiFi Sharing.

From Samsung Android OS 7 with Knox 2.x Security Technical Implementation Guide

Part of PP-MDF-991000

Associated with: CCI-000366

SV-91327r1_rule The Samsung Android 7 with Knox platform must implement the management setting: Disable Samsung WiFi Sharing.

Vulnerability discussion

WiFi Tethering allows a device to act as an Access Point sharing its data connection with other wirelessly connected devices. Previously the device could only share its Mobile (Cellular) data connection. On the Device menus this is referred to as "Mobile Hotspot". The new feature is an optional configuration of WiFi Tethering/Mobile Hotspot, which allows the Device to share its WiFi connection with other wirelessly connected devices, instead of its Mobile (Cellular) connection.WiFi sharing grants the "other" device access to a corporate WiFi network, and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a pre-shared key for personal hotspots.SFR ID: FMT_SMF_EXT.1.1 #47

Check content

Verify WiFi Sharing is disabled or alternately, the "WiFi Tethering/Mobile Hotspot" control is disabled. First, determine if the AO has approved WiFi Tethering/Mobile Hotspot use. Written approval must be presented for verification of AO approval. If there is no written AO approval that WiFi Tethering/Mobile Hotspot use do the following: - On the MDM console, verify the "WiFi Tethering/Mobile Hotspot" control is disabled in the "WiFi Policy" rule. If the AO has approved WiFi Tethering/Mobile Hotspot use do the following: - On a sample of site Samsung devices, go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot and verify "Wi-Fi Sharing" is turned off. Note: This setting cannot be managed by the MDM administrator and is a User Based Enforcement (UBE) requirement. If the AO has not approved WiFi Tethering/Mobile Hotspot use and on the MDM console the "WiFi Tethering/Mobile Hotspot" control is not disabled in the "WiFi Policy" rule, this is a finding. If the AO has approved WiFi Tethering/Mobile Hotspot use and the WiFi Sharing setting on a Samsung device is turned on, this is a finding.

Fix text

Disable WiFi Sharing using one of the following methods: 1. If the AO has not approved hotspot tethering for site Samsung devices, on the MDM console, select the "Disable WiFi Tethering/Mobile Hotspot"" checkbox in the "WiFi Policy" rule. OR 2. If the AO has approved hotspot tethering for site Samsung devices, on the Samsung device go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot. Turn off WiFi Sharing if it is enabled. WiFi Sharing is disabled by default. Note: Mobile Hotspot must be enabled in order to enable WiFi Sharing.

Pro Tips

Lavender hyperlinks in small type off to the right (of CSS class id, if you view the page source) point to globally unique URIs for each document and item. Copy the link location and paste anywhere you need to talk unambiguously about these things.

You can obtain data about documents and items in other formats. Simply provide an HTTP header Accept: text/turtle or Accept: application/rdf+xml.

Powered by sagemincer