The Android 11 QPR1 security update is a minor one, but will have far-reaching consequences on enterprise Wi-Fi networks when it is implemented during the course of December.
Most organisations with 802.1X Wi-Fi networks are still using relatively ancient legacy EAP methods (such as PEAP and EAP-TTLS) and credentials.
The security update is intended to force organisations to update their Android security by removing the ‘do not validate’ option from the CA certificate dropdown menu in the network settings.
“The last thing that organisations need is to return to business to discover that they can no longer connect to their Wi-Fi network. This could be catastrophic for organisations who do not take proactive action immediately, as wireless connectivity has become a cornerstone of most organisations,” says Andre Kannemeyer, chief technology officer of Duxbury Networking.
Kannemeyer points out that the security update will provide an added layer of protection against hackers who are intent on setting up fake access points with a spoofed SSID to harvest user credentials.
“The security update makes provisioning certificates to Android devices mandatory. Managed devices are easy to configure and enrol, but provisioning certificates to Android devices could be a problem without the right tools. It’s not a case of ‘if’ this will happen, it’s a case of ‘when’ it happens. However, by taking action as quickly as possible, the effects will be negated.
“Duxbury has an experienced team of technical specialists in place to provide advice and suggest solutions to mitigate the potential consequences. We strongly urge organisations to contact us as soon as possible to discuss remedial options,” says Kannemeyer.