Samsung Android 8 with Knox for Android must implement the management setting: Disable Samsung Wi-Fi Sharing.

From Samsung Android OS 8 with Knox 3.x COPE Use Case Security Technical Implementation Guide

Part of PP-MDF-991000

Associated with: CCI-000366

SV-95083r1_rule Samsung Android 8 with Knox for Android must implement the management setting: Disable Samsung Wi-Fi Sharing.

Vulnerability discussion

Wi-Fi Tethering allows a device to act as an Access Point, sharing its data connection with other wirelessly connected devices. Previously the device could only share its mobile (cellular) data connection. On the Device menus, this is referred to as "Mobile Hotspot". The new feature is an optional configuration of Wi-Fi Tethering/Mobile Hotspot, which allows the device to share its Wi-Fi connection with other wirelessly connected devices instead of its mobile (cellular) connection.

Wi-Fi sharing grants the "other" device access to a corporate Wi-Fi network and may possibly bypass the network access control mechanisms. This risk can be partially mitigated by requiring the use of a pre-shared key for personal hotspots.

SFR ID: FMT_SMF_EXT.1.1 #47

Check content

Verify Wi-Fi Sharing is disabled or, alternately, the "Wi-Fi Tethering/Mobile Hotspot" control is disabled.

Determine if the Authorizing Official (AO) has approved Wi-Fi Tethering/Mobile Hotspot use. Written approval must be presented for verification of AO approval.

If there is no written AO approval for Wi-Fi Tethering/Mobile Hotspot use, do the following:

On the MDM console, verify the "Wi-Fi Tethering/Mobile Hotspot" control is disabled in the "WiFi Policy" rule.

If the AO has approved Wi-Fi Tethering/Mobile Hotspot use, do the following:

On a sample of site Samsung devices, go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile Hotspot and verify "Wi-Fi Sharing" is turned off.

Note: This setting cannot be managed by the MDM Administrator and is a User Based Enforcement (UBE) requirement.

If the AO has not approved Wi-Fi Tethering/Mobile Hotspot use and on the MDM console the "Wi-Fi Tethering/Mobile Hotspot" control is not disabled in the "WiFi Policy" rule, this is a finding.

If the AO has approved Wi-Fi Tethering/Mobile Hotspot use and the "Wi-Fi Sharing" setting on a Samsung device is turned on, this is a finding.
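The two branches of this check can be recorded as a small evaluator over collected evidence. This is an added example, not part of the STIG or of any MDM product: the `SiteEvidence` fields, the status strings and the "not_reviewed" outcome for missing evidence are assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

RULE_ID = "SV-95083r1_rule"

@dataclass
class SiteEvidence:
    # Hypothetical record of what a reviewer collects; field names are assumptions.
    ao_written_approval: bool             # written AO approval for hotspot use was presented
    mdm_hotspot_disabled: Optional[bool]  # control disabled in "WiFi Policy"; None = not checked
    # Sampled device id -> True if "Wi-Fi Sharing" is turned on
    wifi_sharing_on: Dict[str, bool] = field(default_factory=dict)

def evaluate(ev: SiteEvidence) -> Tuple[str, List[str]]:
    """Return (status, reasons) following the two branches of the check."""
    if not ev.ao_written_approval:
        # No written approval: the MDM must disable the hotspot control.
        if ev.mdm_hotspot_disabled is None:
            return "not_reviewed", ["MDM WiFi Policy state was not collected"]
        if ev.mdm_hotspot_disabled:
            return "not_a_finding", []
        return "finding", ['"Wi-Fi Tethering/Mobile Hotspot" is not disabled in "WiFi Policy"']
    # Approved: user-based enforcement, so only the device sample shows compliance.
    if not ev.wifi_sharing_on:
        return "not_reviewed", ["no devices were sampled"]
    offenders = sorted(d for d, on in ev.wifi_sharing_on.items() if on)
    if offenders:
        return "finding", [f'"Wi-Fi Sharing" is turned on: {d}' for d in offenders]
    return "not_a_finding", []

if __name__ == "__main__":
    # Constructed evidence for two sites; device ids are placeholders.
    sites = {
        "site-a": SiteEvidence(False, False),
        "site-b": SiteEvidence(True, None, {"dev-01": False, "dev-02": True}),
    }
    for name, ev in sites.items():
        status, reasons = evaluate(ev)
        print(RULE_ID, name, status, "; ".join(reasons))
```

An approval claimed verbally but not presented in writing is entered as `ao_written_approval=False`, since the check requires written approval to be presented.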

Fix text

Disable Wi-Fi Sharing using one of the following methods:

1. If the AO has not approved hotspot tethering for site Samsung devices, on the MDM console, select the "Disable Wi-Fi Tethering/Mobile Hotspot" check box in the "WiFi Policy" rule.

2. If the AO has approved hotspot tethering for site Samsung devices, on the Samsung device, go to Settings >> Connections >> Mobile Hotspot and Tethering >> Mobile hotspot. Turn off "Wi-Fi Sharing" if it is enabled.

Note: Mobile Hotspot must be enabled in order to enable Wi-Fi Sharing. Wi-Fi Sharing is disabled by default.
