CESG dishes out security advice for Blackberry, Android & Chrome OS

security key on keyboard

The Communications and Electronics Security Group (CESG) has published security guidance to enable organisations to safely deploy BlackBerry 10.2.1, Android 4.4 and Chrome OS devices.

The information security arm of GCHQ has revised its rules to assist those working in IT departments on how best to rollout and use these mobile operating systems securely.

The updated guidance is available now on Gov.uk and forms part of the Cabinet Office's End User Device Security Framework. It shows how the platforms can be configured to meet security recommendations and details the threats and other security problems for each of them.

It said the advice aims to "take a balanced approach between security and usability for remote or mobile working devices" by helping to reduce common risks to an organisation's information while still providing flexibility and ease of use.

There is also information on system architectures for deploying the devices. The CESG said the advice was not an endorsement of the platforms and only there to improve the UK's overall cyber security stance.

"Rather than being an 'approval' or 'endorsement' by CESG of any of these products, this guidance helps organisations to understand and manage the risks associated with the different devices, as part of their normal risk management processes," it said.

It added that each platform's virtual private network (VPN) and encryption efforts should be areas organisations should be aware of and manage appropriately.

It said Chrome OS's VPN "has not been independently assured to Foundation Grade, and does not currently support some of the mandatory requirements expected from assured VPNs."

"The VPN can be disabled by the user and some Google traffic is sent prior to the VPN being established resulting in potential for data leakage onto untrusted networks. Without assurance in the VPN there is a risk that data transiting from the device could be compromised," it added.

It also noted similar problems with Android's VPN as well as pointing out the lack of security of SD cards and non-data partitions. Blackberry OS 10.2's VPN and native data encryption also fell short, according to the CESG.

Minor updates have also been made to guidance for iOS 7, Windows 7 and Windows 8.1.

Rene Millman

Rene Millman is a freelance writer and broadcaster who covers cybersecurity, AI, IoT, and the cloud. He also works as a contributing analyst at GigaOm and has previously worked as an analyst for Gartner covering the infrastructure market. He has made numerous television appearances to give his views and expertise on technology trends and companies that affect and shape our lives. You can follow Rene Millman on Twitter.