funsec mailing list archives
TIGTA: Android may be too risky for BYOD [IRS BYOD Pilot Program]
From: Jeffrey Walton <noloader () gmail com>
Date: Fri, 29 Nov 2013 00:47:25 -0500
This is kind of scary... BYOD at the IRS (and not just Android). I hope they don't allow access to taxpayer information. Or only allow access to top administration officials' records so they can suffer the consequences.

http://www.fiercemobilegovernment.com/story/tigta-android-may-be-too-risky-byod/2013-11-27

Android devices should not be part of the bring-your-own-device program for Internal Revenue Service employees until the agency reviews Android's security vulnerabilities, says the Treasury Inspector General for Tax Administration.

The IRS rolled out a BYOD pilot program in September 2012 to let employees access the agency's network through their personal mobile devices. Initially, the program was limited to Apple devices. In May 2013--with hundreds of IRS employees participating through their iPhones and iPads--the IRS expanded the program to allow Android devices.

But in a newly released report, dated Sept. 24, TIGTA says the IRS did not adequately consider the security weaknesses of the Android operating system. The report recommends that the IRS stop allowing Android devices into the BYOD program until it completes a security review that "thoroughly addresses" the risks associated with Android.

Android is vulnerable due to "an open source operating system, a more lenient approval process for inclusion in the regulated app store, multiple third-party unregulated app stores, and lack of timely updates to correct operating system weaknesses," the report says.

The IRS disagreed with the recommendation, saying management did consider security concerns. It also notes that the program is just a pilot and is under evaluation in a secured environment.

Still, the report says TIGTA is "not convinced that the IRS executive" who authorized the program "had enough information to make an informed decision about the risks involved in bringing Android devices into the BYOD pilot."

The report does note the importance of Android if the program advances past the pilot phase, saying it might not be worthwhile to have an agencywide BYOD program that is limited to Apple devices.