Cheap Android tablets increase BYOD risk
A bring your own device (BYOD) strategy can ease the burden on business IT departments by allowing demanding users to supply, and maintain, their own equipment. With increasingly tribal users strongly preferring Apple, Windows, or Android as their computing platform, bring your own device can end the need for the IT Manager to be one who makes the decision on who has what.
Any sensible BYOD strategy requires that users add anti-virus, of course, and some still restrict the use of some platforms to ensure compatibility between users’ chosen devices and core IT systems. But few BYOD strategies dictate the quality of devices that must be used. For every user who supplements their BYOD budget to make sure they have the latest and greatest gadgets, there will be a user who is looking to economise.
A cheap Android tablet is one area where a user can add an extra device to their portfolio without breaking the bank. Sadly, the openness of the Android operating system not only helps to bring down prices but can also increase the risk to users. What might look like a “stock” installation of Android can be anything but, as a recent study by BlueBox Labs revealed.
In the study, BlueBox Labs found a range of serious security problems were present on the devices that they tested “out of the box”. With no provision for upgrades or “over the air” updates on these budget tablets, these problems are never going to be fixed. Vulnerabilities such as Heartbleed, FakeID, Futux, and Masterkey were all detected.
Some of the tablets were also being shipped with the malicious software protection (the setting that prevents software from sources other than the Google Play store from being installed) switched off. Whilst this is a setting that some users might use to install in-house software, it isn’t something that should be left switched on or be there by default without the user’s knowledge.
The issues didn’t end there. Some budget tablets were found to be “rooted” out of the box, compromising Android’s security layer and making things easier for hackers. Custom versions of Android were also found, some with security features completely removed for no discernible reason.
The final blow against the budget tablets comes in BlueBox Lab’s claims to have found dubious software on some devices, including custom versions of “Angry Birds” that collected extra user data.
If you’re currently allowing Android tablets as part of your BYOD strategy, it may be time to make sure that your users are checking their devices are secure, or maybe to offer a list of recommended devices that are proven to be safe.
