by Byron Connolly

Popular tablets have worrying security flaws

Oct 08, 2012 · 3 mins

Serious security flaws in the Samsung Galaxy Tab tablet device make it difficult to recommend for use in the enterprise, raising concerns for organisations looking to introduce bring-your-own-device (BYOD) policies, according to a new study.

The research – published by Context Information Security – also looked at the enterprise security features of competing devices, the Apple iPad and RIM BlackBerry PlayBook.

It found that although these devices performed better than the Samsung Galaxy Tab in relation to security controls, “they both have security problems including desktop software that does not encrypt backups by default.”

Context investigated several security controls to determine if they were suitable for enterprise use. These included data protection, software integrity and updates, access control, security configuration profiles and connectivity, and backup and synchronisation.

The Samsung Galaxy Tab doesn’t ship with a locked bootloader and its disk encryption scheme has vulnerabilities. Even when encryption is enabled on the Galaxy, it allows badly written apps to store sensitive information on the unencrypted SD card, the report said.

A lack of enterprise-level management tools beyond Microsoft Exchange ActiveSync also means it’s difficult to manage more than a small number of Galaxy Tabs in an enterprise environment, the report said. The Apple iPad also shares this problem with the Apple tools that are available, the report added.

The report’s author, Jonathon Roach, said the tablet’s format is perfect for social networking and creating and sharing documents, presentations and other content on-the-fly “but the same characteristics also present tough security challenges for organisations.

“Context’s research suggests that most tablet manufacturers still have a way to go before their products can deliver the high levels of security required for use in most corporate enterprises,” Roach said.

Despite these issues, Context found that all three tablets have reasonably good support for Microsoft Exchange ActiveSync, which means that core security configurations can be managed from a central Exchange server.

The company said the BlackBerry was “far more advanced in its level of readiness for BYOD than the other two tablets and provided excellent logical and data separation between work and personal modes.”

Whether or not the Samsung Galaxy Tab is suitable for the enterprise may be the least of Samsung’s problems.

The company is locked in a legal battle with Apple over patents and in August, a jury in California found it had improperly violated patented technology in the iPhone and iPad. Apple was awarded US$1.05 billion in damages.

A fresh battle may emerge between the two companies after The Wall Street Journal reported today that Samsung planned to run a television commercial that “pokes fun at Apple’s iPhone 5” in Australia and New Zealand. A similar commercial is being run in the US.