Samsung Android must be configured to enforce a USB host mode exception list. NOTE: This configuration allows DeX mode (with input devices), which is DoD-approved for use.

Description

<VulnDiscussion>The USB host mode feature allows USB devices to connect to the device (e.g., USB flash drives, USB mouse, USB keyboard) using a micro USB to USB adapter cable. The USB host mode exception list allows selected USB devices to operate, while disallowing others, based on their USB device class. With some USB device classes, a user can copy sensitive DoD information to external USB storage unencrypted, resulting in compromise of DoD data. However, some USB device classes do not allow data to be copied, such as Human Interface Devices (HID). Disabling all USB devices except for HID mitigates the risk of compromising sensitive DoD data. This allows for DeX mode to be used, with a USB keyboard and mouse, without compromising DoD data. SFR ID: FMT_SMF_EXT.1.1 #47</VulnDiscussion><FalsePositives></FalsePositives><FalseNegatives></FalseNegatives><Documentable>false</Documentable><Mitigations></Mitigations><SeverityOverrideGuidance></SeverityOverrideGuidance><PotentialImpacts></PotentialImpacts><ThirdPartyTools></ThirdPartyTools><MitigationControl></MitigationControl><Responsibility></Responsibility><IAControls></IAControls>