A systems security engineer is assisting an organization's market survey team in reviewing requirements for an upcoming acquisition of mobile devices.
The engineer expresses concerns to the survey team about a particular class of devices that uses a separate SoC for baseband radio I/O.
For which of the following reasons is the engineer concerned?
Click on the arrows to vote for the correct answer
A. B. C. D.B.
The systems security engineer is expressing concerns to the organization's market survey team about a particular class of mobile devices that use a separate SoC (System-on-Chip) for baseband radio I/O. The baseband radio is responsible for communication between the mobile device and the wireless network. Here are the explanations for each answer option:
A. The engineer may be concerned that these devices can communicate over networks older than HSPA+ and LTE standards, exposing device communications to poor encryption routines. HSPA+ (Evolved High-Speed Packet Access) and LTE (Long-Term Evolution) are the latest standards for high-speed wireless communication. If the mobile devices in question use older networks, it may indicate that the devices themselves are outdated, making them more vulnerable to attacks. Additionally, if the encryption routines used for communication are poor, it could make it easier for attackers to intercept and decode sensitive information.
B. The engineer may not be concerned about the organization's inability to restrict the use of NFC (Near Field Communication), electromagnetic induction, and Bluetooth technologies. These are standard features found in most mobile devices and can be managed through the device's configuration settings or mobile device management (MDM) software.
C. The engineer may be concerned that the associated firmware is more likely to remain out of date and potentially vulnerable. Firmware is a type of software that is embedded in hardware and controls its functions. If the firmware is not updated regularly, it can become outdated and vulnerable to attacks. This can be a significant risk for mobile devices, which often store sensitive data and have access to corporate networks.
D. The engineer may be concerned that the manufacturers of the baseband radios are unable to enforce mandatory access controls within their driver set. Access controls are used to restrict access to sensitive data or functions. If the baseband radio's driver set does not enforce access controls, it could be possible for attackers to gain unauthorized access to the mobile device's network or data.
In summary, the engineer's concerns may be related to outdated mobile devices, poor encryption routines, outdated firmware, or weak access controls. It is important for the organization to consider these concerns when selecting mobile devices and implementing security controls to protect against potential threats.