By Waqas
The Security Joes Incident Response team of cybersecurity researchers recently discovered the new BiBi-Linux Wiper malware.
This is a post from HackRead.com Read the original post: Hamas Hackers Targeting Israelis with New BiBi-Linux Wiper Malware

The BiBi-Linux Wiper malware damages files and operating systems by overwriting data with useless information, rendering the affected files unusable.

Cybersecurity experts from Security Joes’ Incident Response team recently stepped forward to aid Israeli companies amid the **conflict between Israel and Hamas**. During their investigations, they uncovered a concerning discovery: a new type of malware known as the BiBi-Linux Wiper.

This malicious software, designed for Linux systems, poses a significant threat. It is a powerful executable file that, if granted root access, can potentially wipe out an entire operating system. What sets it apart is its ability to target specific folders, overwrite files, and concurrently corrupt data using multiple threads, significantly amplifying its impact and speed.

Unlike other malware types that aim to steal data or demand ransom payments, the BiBi-Linux Wiper takes a different approach. It damages files and operating systems by overwriting data with useless information, rendering the affected files unusable. This kind of destructive software, often termed a “**Wiper**,” is not entirely new but remains a menacing cybersecurity threat against companies, businesses and unsuspecting users.

According to the company’s **blog post**, one noteworthy detail is the naming convention used in the malware—each infected file is titled bibi-linux.out. This name, seemingly random, actually holds a political undertone, as “bibi” is a common nickname for the current Israeli Prime Minister, Benjamin Netanyahu. Further exploration into the malware’s inner workings revealed this string hardcoded within its structure, used to generate identifiers for corrupted files.

The researchers noted the rarity of this malware; at the time of their investigation, it had only received two detections on VirusTotal, suggesting its newness and limited distribution.

The malware, upon execution, produces an excessive amount of output, revealing details about its progress and actions. To address this, threat actors use the “nohup” command, redirecting output to a file and preventing the wiping process from halting even if the console is closed.

Its use of multiple threads and system calls enables it to corrupt files rapidly and efficiently. The malware follows a pattern, overwriting files with random data, renaming them with a ‘BiBi’ extension, and excluding certain file types crucial for the operating system’s function.

****Sophisticated Cyber Attacks Linked to Hamas and Pro-Palestinian Groups Target Israel****

Hamas has displayed a surprising level of sophistication in its cyber warfare tactics, as demonstrated by several incidents in recent years. **In 2014**, Hamas not only breached the live transmission of Israel’s Channel 10 TV station but also defaced the broadcast by displaying distressing images of Palestinian civilians affected by Israeli airstrikes in Gaza.

**In July 2018**, Israel accused Hamas of spying on IDF soldiers using malicious World Cup and dating apps. The group reportedly exploited hundreds of IDF Android devices by luring users with images of attractive women.

**By February 2020**, reports surfaced that Hamas hackers masqueraded as women to deceive IDF personnel into downloading malware. These hackers, posing as women, sent out malware to gather critical information and gain control over the soldiers’ phone functions.

Despite these cyberattacks attributed to Hamas, other groups have also targeted **Israel’s critical infrastructure**. AnonGhost, a pro-Palestinian group, not only **hacked the Red Alert App**, an Israeli rocket alert app but also sent fabricated missile, rocket, and nuclear bomb alerts to Israeli citizens.

**On October 16th, 2023**, researchers identified a fraudulent rocket alert app hosted on a malicious website, distributing malware onto the smartphones of unsuspecting Israeli citizens.

Nonetheless, cybersecurity experts persist in monitoring and analyzing these threats. The readiness of companies to defend against evolving cyber risks remains of utmost importance.

1.  Gaza Cybergang targeting Palestinian authority figures
2.  US seizes official website of Iranian state-owned Press TV
3.  Israeli Spyware Vendor Uses Chrome 0day to Target Journalists
4.  Israel claims to bomb Hamas’s cyber Ops HQ amidst uncertainties
5.  Android malware on Play Store targeting Palestinians on Facebook

Hamas Hackers Targeting Israelis with New BiBi-Linux Wiper Malware

In multiple locations, there is a possible way to bypass user notification of foreground services due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "d26544e5a4fd554b790b4d0c5964d9e95d9e626b", "tree": "f783afd38e1e95b034041806a96ae7f9148b8d68", "parents": \[ "88cf23cfe50b80aa9d65cc22946de1765972cb80" \], "author": { "name": "Beth Thibodeau", "email": "ethibodeau@google.com", "time": "Tue May 30 18:45:47 2023 -0500" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:10:15 2023 +0000" }, "message": "Add placeholder when media control title is blank\\n\\nWhen an app posts a media control with no available title, show a\\nplaceholder string with the app name instead\\n\\nBug: 274775190\\nTest: atest MediaDataManagerTest\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:a0fda1f36d04331c8d60c5540b09b1a30203581b)\\nMerged-In: Ie406c180af48653595e8e222a15b4dda27de2e0e\\nChange-Id: Ie406c180af48653595e8e222a15b4dda27de2e0e\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "af8d7ed22ed3fe16ab25d720aee3aa9c0f795a91", "old\_mode": 33188, "old\_path": "packages/SystemUI/res/values/strings.xml", "new\_id": "b0fcfcdc2f6b705656dd243fa68b993def4a76ee", "new\_mode": 33188, "new\_path": "packages/SystemUI/res/values/strings.xml" }, { "type": "modify", "old\_id": "6a69d427929e1f2f439eebe7bd3199a58d29a519", "old\_mode": 33188, "old\_path": "packages/SystemUI/src/com/android/systemui/media/MediaDataManager.kt", "new\_id": "4c2336eeb22c09f282069945a659cb458aecfee0", "new\_mode": 33188, "new\_path": "packages/SystemUI/src/com/android/systemui/media/MediaDataManager.kt" }, { "type": "modify", "old\_id": "1cce7cfb5b8afcc06fb87a71601185c5cfd23d38", "old\_mode": 33188, "old\_path": "packages/SystemUI/tests/src/com/android/systemui/media/MediaDataManagerTest.kt", "new\_id": "52266f983fddc351aead9a906c42034e63d9ee55", "new\_mode": 33188, "new\_path": "packages/SystemUI/tests/src/com/android/systemui/media/MediaDataManagerTest.kt" } \] }

CVE-2023-40120

In resetSettingsLocked of SettingsProvider.java, there is a possible lockscreen bypass due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "ff86ff28cf82124f8e65833a2dd8c319aea08945", "tree": "524d68215696fbfe5584e2a97f296e20904941a2", "parents": \[ "86c8421c1181816b6cb333eb62a78e32290c4b17" \], "author": { "name": "Eric Biggers", "email": "ebiggers@google.com", "time": "Fri Jul 28 22:03:03 2023 +0000" }, "committer": { "name": "Justin Dunlap", "email": "justindunlap@google.com", "time": "Fri Sep 01 12:58:52 2023 -0700" }, "message": "RESTRICT AUTOMERGE: SettingsProvider: exclude secure\_frp\_mode from resets\\n\\nWhen RescueParty detects that a system process is crashing frequently,\\nit tries to recover in various ways, such as by resetting all settings.\\nUnfortunately, this included resetting the secure\_frp\_mode setting,\\nwhich is the means by which the system keeps track of whether the\\nFactory Reset Protection (FRP) challenge has been passed yet. With this\\nsetting reset, some FRP restrictions went away and it became possible to\\nbypass FRP by setting a new lockscreen credential.\\n\\nFix this by excluding secure\_frp\_mode from resets.\\n\\nNote: currently this bug isn\\u0027t reproducible on \\u0027main\\u0027 due to ag/23727749\\ndisabling much of RescueParty, but that is a temporary change.\\n\\nBug: 253043065\\nTest: With ag/23727749 reverted and with my fix to prevent\\n com.android.settings from crashing \*not\* applied, tried repeatedly\\n setting lockscreen credential while in FRP mode, using the\\n smartlock setup activity launched by intent via adb. Verified\\n that although RescueParty is still triggered after 5 attempts,\\n secure\_frp\_mode is no longer reset (its value remains \\"1\\").\\nTest: Verified that secure\_frp\_mode still gets changed from 1 to 0 when\\n FRP is passed legitimately.\\nTest: atest com.android.providers.settings.SettingsProviderTest\\nTest: atest android.provider.SettingsProviderTest\\n(cherry picked from commit 9890dd7f15c091f7d1a09e4fddb9f85d32015955)\\n(changed Global.SECURE\_FRP\_MODE to Secure.SECURE\_FRP\_MODE,\\n needed because this setting was moved in U)\\n(removed static keyword from shouldExcludeSettingFromReset(),\\n needed for compatibility with Java 15 and earlier)\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:8c2d2c6fc91c6b80809a91ac510667af24d2cf17)\\nMerged-In: Id95ed43b9cc2208090064392bcd5dc012710af93\\nChange-Id: Id95ed43b9cc2208090064392bcd5dc012710af93\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "a6edb0f0e2e35722ff118876f3098934a38b0f76", "old\_mode": 33188, "old\_path": "packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java", "new\_id": "2e04cdae2a30420eb8a7aa41adf5dd5ef4dbf661", "new\_mode": 33188, "new\_path": "packages/SettingsProvider/src/com/android/providers/settings/SettingsProvider.java" }, { "type": "modify", "old\_id": "eaf0dcb9b4e797a07e5c2c058c3bbfe260b5024a", "old\_mode": 33188, "old\_path": "packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java", "new\_id": "1c6d2b08136c3bda2fee087466e44ee105ce8ec4", "new\_mode": 33188, "new\_path": "packages/SettingsProvider/test/src/com/android/providers/settings/SettingsProviderTest.java" } \] }

CVE-2023-40117

In onBindingDied of CallRedirectionProcessor.java, there is a possible permission bypass due to a logic error in the code. This could lead to local escalation of privilege and background activity launch with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "5b335401d1c8de7d1c85f4a0cf353f7f9fc30218", "tree": "85b52fe7ec98818de079ea0df2d775b8c39a2655", "parents": \[ "dd302d211bd8b935464b48551a76ef718bf33ccc" \], "author": { "name": "Grace Jia", "email": "xiaotonj@google.com", "time": "Thu Jul 20 13:42:50 2023 -0700" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:13:01 2023 +0000" }, "message": "Fix vulnerability in CallRedirectionService.\\n\\nCurrently when the CallRedirectionService binding died, we didn\\u0027t do\\nanything, which cause malicious app start activities even not run in the\\nbackground by implementing a CallRedirectionService and overriding the\\nonPlaceCall method to schedule a activity start job in an independent\\nprocess and then kill itself. In that way, the activity can still\\nstart after the CallRedirectionService died. Fix this by unbinding the\\nservice when the binding died.\\n\\nBug: b/289809991\\nTest: Using testapp provided in bug to make sure the test activity can\\u0027t\\nbe started\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:29b52e3cd027da2d8644450a4dee3a7d95dc0043)\\nMerged-In: I065d361b83700474a1efab2a75928427ee0a14ba\\nChange-Id: I065d361b83700474a1efab2a75928427ee0a14ba\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "226382bde4ab09d0efc1ec408db64c7e3c2cf633", "old\_mode": 33188, "old\_path": "src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java", "new\_id": "02debcd6c1b5710c2a7a14cd97165ff3d8e080cc", "new\_mode": 33188, "new\_path": "src/com/android/server/telecom/callredirection/CallRedirectionProcessor.java" } \] }

CVE-2023-40130

In appendEscapedSQLString of DatabaseUtils.java, there is a possible SQL injection due to unsafe deserialization. This could lead to local information disclosure with User execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "3287ac2d2565dc96bf6177967f8e3aed33954253", "tree": "832070d1a4d228a36bfcce5f0f3410555063e3ca", "parents": \[ "7212a4bec2d2f1a74fa54a12a04255d6a183baa9" \], "author": { "name": "Kunal Malhotra", "email": "malhk@google.com", "time": "Fri Jun 02 23:32:02 2023 +0000" }, "committer": { "name": "Justin Dunlap", "email": "justindunlap@google.com", "time": "Fri Sep 01 12:58:52 2023 -0700" }, "message": "Fixing DatabaseUtils to detect malformed UTF-16 strings\\n\\nTest: tested with POC in bug, also using atest\\nBug: 224771621\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:fb4a72e3943d166088407e61aa4439ac349f3f12)\\nMerged-In: Ide65205b83063801971c5778af3154bcf3f0e530\\nChange-Id: Ide65205b83063801971c5778af3154bcf3f0e530\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "6c8a8500e4e38c282491cefbf98e42b3a92e976a", "old\_mode": 33188, "old\_path": "core/java/android/database/DatabaseUtils.java", "new\_id": "d41df4f49d48fd3d2bf7274644fc96e67352022b", "new\_mode": 33188, "new\_path": "core/java/android/database/DatabaseUtils.java" } \] }

CVE-2023-40121

In FillUi of FillUi.java, there is a possible way to view another user's images due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "08becc8c600f14c5529115cc1a1e0c97cd503f33", "tree": "3f0b8b76102e3b965d293910f949644ce9963cc3", "parents": \[ "2d88a5c481df8986dbba2e02c5bf82f105b36243" \], "author": { "name": "Tim Yu", "email": "yunicorn@google.com", "time": "Tue Jun 20 21:24:36 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:10:43 2023 +0000" }, "message": "\[DO NOT MERGE\] Verify URI Permissions in Autofill RemoteViews\\n\\nCheck permissions of URI inside of FillResponse\\u0027s RemoteViews. If the\\ncurrent user does not have the required permissions to view the URI, the\\nRemoteView is dropped from displaying.\\n\\nThis fixes a security spill in which a user can view content of another\\nuser through a malicious Autofill provider.\\n\\nBug: 283137865\\nFixes: b/283264674 b/281666022 b/281665050 b/281848557 b/281533566\\nb/281534749 b/283101289\\nTest: Verified by POC app attached in bugs\\nTest: atest CtsAutoFillServiceTestCases (added new tests)\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:93810ba1c0a4d31f49adbf9454731e2b7defdfc0)\\nMerged-In: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a\\nChange-Id: I6f4d2a35e89bbed7bd9e07bf5cd3e2d68b20af9a\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "bc5d6457c945fec1263428c45dd50615ec131132", "old\_mode": 33188, "old\_path": "services/autofill/java/com/android/server/autofill/Helper.java", "new\_id": "48113a81cca5f0a44dc5b478f47e7cadef622745", "new\_mode": 33188, "new\_path": "services/autofill/java/com/android/server/autofill/Helper.java" }, { "type": "modify", "old\_id": "c2c630e01bee7a3d999047550719a9e2b0e25201", "old\_mode": 33188, "old\_path": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java", "new\_id": "59184e9ed28814672004f7d8a8d01b6105ab7b40", "new\_mode": 33188, "new\_path": "services/autofill/java/com/android/server/autofill/ui/DialogFillUi.java" }, { "type": "modify", "old\_id": "8fbdd81cc4cc666f5fe855da1aa29187066ac73f", "old\_mode": 33188, "old\_path": "services/autofill/java/com/android/server/autofill/ui/FillUi.java", "new\_id": "76fa258734ccc37aea53d19990e64f122c6a0f51", "new\_mode": 33188, "new\_path": "services/autofill/java/com/android/server/autofill/ui/FillUi.java" }, { "type": "modify", "old\_id": "677871f6c85f860363fc3e5cb2d07f65b602f6ef", "old\_mode": 33188, "old\_path": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java", "new\_id": "533a7b69a650a58ecceb078fd2442dc9e74f67c2", "new\_mode": 33188, "new\_path": "services/autofill/java/com/android/server/autofill/ui/SaveUi.java" } \] }

CVE-2023-40139

In android_view_InputDevice_create of android_view_InputDevice.cpp, there is a possible way to execute arbitrary code due to a use after free. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "2d88a5c481df8986dbba2e02c5bf82f105b36243", "tree": "6fe3bd910de991370a02c926861447a19172e1ac", "parents": \[ "5a3d0c131175d923cf35c7beb3ee77a9e6485dad" \], "author": { "name": "Josep del Rio", "email": "joseprio@google.com", "time": "Mon Jun 26 09:30:06 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:10:32 2023 +0000" }, "message": "Do not share key mappings with JNI object\\n\\nThe key mapping information between the native key mappings and\\nthe KeyCharacterMap object available in Java is currently shared,\\nwhich means that a read can be attempted while it\\u0027s being modified.\\n\\nBug: 274058082\\nTest: Patch tested by Oppo\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:3d993de0d1ada8065d1fe561f690c8f82b6a7d4b)\\nMerged-In: I745008a0a8ea30830660c45dcebee917b3913d13\\nChange-Id: I745008a0a8ea30830660c45dcebee917b3913d13\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "9cc72437a0234a89063644ffe2ab29c1dd47e381", "old\_mode": 33188, "old\_path": "core/jni/android\_view\_InputDevice.cpp", "new\_id": "f7c770e0bffb81d000ca79477c2fa674b44d66b4", "new\_mode": 33188, "new\_path": "core/jni/android\_view\_InputDevice.cpp" } \] }

CVE-2023-40140

In GpuService of GpuService.cpp, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "0cda11569dd256ff3220b4fe44f861f8081d7116", "tree": "76c88564d59b51976e524a8eb2a394c269786e01", "parents": \[ "686a75e8cd7a20c613dca5fec9d5a7877d360bac" \], "author": { "name": "sergiuferentz", "email": "sergiuferentz@google.com", "time": "Mon Jun 26 18:01:47 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:11:52 2023 +0000" }, "message": "Fix for heap-use-after-free in GPUService.cpp\\n\\nThis adds a unit test and fix for the bug reported by libfuzzer.\\nChanges made:\\n \* Expose GPUService as testable code.\\n \* Update main\_gpuservice.cpp to use the new GpuService now located at\\n gpuservice/GpuService.h\\n \* Make initializer threads members of GpuService\\n \* Join the threads in destructor to prevent heap-use-after-free.\\n \* Add unit test that waits 3 seconds after deallocation to ensure no\\n wrong access is made.\\n\\nBug: 282919145\\nTest: Added unit test and ran on device with ASAN\\n(cherry picked from commit 3c00cbc0f119c3f59325aa6d5061529feb58462b)\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:7fb707802ee4c667d1ee6065ae2845d835b47aeb)\\nMerged-In: I4d1d2d4658b575bf2c8f425f91f68f03114ad029\\nChange-Id: I4d1d2d4658b575bf2c8f425f91f68f03114ad029\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "5b4ee21b423353b3ba8fafe8559ebe2a2e1b24e1", "old\_mode": 33188, "old\_path": "services/gpuservice/Android.bp", "new\_id": "020940f04e7ce0a8c7b92180446e010336060ae4", "new\_mode": 33188, "new\_path": "services/gpuservice/Android.bp" }, { "type": "modify", "old\_id": "7b9782f4e8972debbae12326760ff70c3a61de5c", "old\_mode": 33188, "old\_path": "services/gpuservice/GpuService.cpp", "new\_id": "5643940a6eb4b727eadc881e5633553425d2331b", "new\_mode": 33188, "new\_path": "services/gpuservice/GpuService.cpp" }, { "type": "rename", "old\_id": "d7313d165e3544ba2cbb05e7a8f4febc06a75a8d", "old\_mode": 33188, "old\_path": "services/gpuservice/GpuService.h", "new\_id": "3e0ae66f39853ea3a9f2dbb0c8afeb1167872f83", "new\_mode": 33188, "new\_path": "services/gpuservice/include/gpuservice/GpuService.h", "score": 94 }, { "type": "modify", "old\_id": "64aafcab6a39fbe1e63531926de29f72c8a65af9", "old\_mode": 33188, "old\_path": "services/gpuservice/main\_gpuservice.cpp", "new\_id": "200237219e00b261f8f8bc81ff61c428a22ba882", "new\_mode": 33188, "new\_path": "services/gpuservice/main\_gpuservice.cpp" }, { "type": "modify", "old\_id": "4fb0d2e734b8f3a2c2cff8466eedafa6a2cb4c62", "old\_mode": 33188, "old\_path": "services/gpuservice/tests/unittests/Android.bp", "new\_id": "808c86bcae900abf043dc27e9e4045d8163dbaf4", "new\_mode": 33188, "new\_path": "services/gpuservice/tests/unittests/Android.bp" }, { "type": "add", "old\_id": "0000000000000000000000000000000000000000", "old\_mode": 0, "old\_path": "/dev/null", "new\_id": "62b3e53f5347dbff7d7bc5d2f64f6612247e46dd", "new\_mode": 33188, "new\_path": "services/gpuservice/tests/unittests/GpuServiceTest.cpp" } \] }

CVE-2023-40131

In build_read_multi_rsp of gatt_sr.cc, there is a possible out of bounds write due to a heap buffer overflow. This could lead to remote (proximal/adjacent) code execution with no additional execution privileges needed. User interaction is not needed for exploitation.

)\]}' { "commit": "c0151aa3ba76c785b32c7f9d16c98febe53017b1", "tree": "96bf9c2e4aeb3c9a5db37467c05c328039ae7d60", "parents": \[ "48779ff3ddafee92e4f098bdbaaf2e9f21b0957e" \], "author": { "name": "Hui Peng", "email": "phui@google.com", "time": "Tue May 16 02:09:38 2023 +0000" }, "committer": { "name": "Android Build Coastguard Worker", "email": "android-build-coastguard-worker@google.com", "time": "Thu Aug 10 17:12:27 2023 +0000" }, "message": "Fix an integer underflow in build\_read\_multi\_rsp\\n\\nWhen p\_buf-\\u003elen is mtu - 1 and p\_cmd-\\u003emulti\_req.variable\_len\\nevaluates to true, integer underflow is triggered\\nin the following line, resulting OOB access.\\n\\n\`\`\`\\n len \\u003d p\_rsp-\\u003eattr\_value.len - (total\_len - mtu);\\n\`\`\`\\n\\nBug: 273874525\\nTest: manual\\nIgnore-AOSP-First: security\\nTag: #security\\n(cherry picked from https://googleplex-android-review.googlesource.com/q/commit:85f4d53c7bf90b806639a3a302f0007ffb3b9f23)\\nMerged-In: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4\\nChange-Id: Ia60dd829ff9152c083de1f4c1265bb3ad595dcc4\\n", "tree\_diff": \[ { "type": "modify", "old\_id": "0b60a6a8db91e9e1af0bc1f1426a73f50cfc2864", "old\_mode": 33188, "old\_path": "system/stack/gatt/gatt\_sr.cc", "new\_id": "4c00743228252e0d2805433ad5cc663b6f169250", "new\_mode": 33188, "new\_path": "system/stack/gatt/gatt\_sr.cc" } \] }

CVE-2023-40129

When investing in a unified endpoint management solution, prioritize the needs of your network and users ahead of brand names. This Tech Tip focuses on questions to ask.

A high-caliber, enterprise-grade unified endpoint management (UEM) solution is more critical than ever in today's remote, hybrid, and constantly fluctuating work landscape. If you're in procurement or finance, you're likely under a lot of pressure to choose the right one. You must drive operational efficiency through cost savings and overhead optimization.

For many organizations, Microsoft Intune (rebranded from Microsoft Endpoint Manager \[MEM\] and generally sold as part of an MS Enterprise License Agreement \[ELA\]) looks like a solid choice for endpoint management. It's a cloud-based solution with clear name recognition. Another plus: Microsoft's Intune plan pricing seems very approachable.

Other options have less name recognition than Microsoft but may be a better fit depending on an organization's needs. For example, according to G2, Ivanti Neurons for UEM gets high ratings for quality of support and ease of use. Atera offers particular expertise for small businesses. NinjaOne is rated well for being "a good partner in doing business."

The upshot: Organizations should not be making purchasing decisions based on brand name and pricing. Instead, companies should look beneath the surface before investing in technology, particularly in high-stakes scenarios with serious return on investment (ROI) potential.

**What to Ask Before Investing in a UEM Solution**

We cannot attempt to discuss the pros and cons of every major UEM solution available. With that in mind, here's what I recommend asking when evaluating a UEM solution:

1.  What type of devices will I be using the UEM solution for? Is it primarily mobile, mostly laptops or desktops, or a combination?
2.  Are my endpoints dispersed regionally, globally, or mostly on-site behind a perimeter?
3.  How is my IT help desk going to support and troubleshoot these devices? What is the additional cost per year to support?
4.  How many employees will be involved, and what's the cost per employee?
5.  What are the licensing agreements like? Do I need to buy a whole pie when I only want a slice?
6.  How is pricing structured? Will it scale based on usage?
7.  Do my employees exclusively use one type of device and operating system or a mix? If it's the latter, will the UEM solution work just as well regardless of the device type and OS used?
8.  Would my IT and security team benefit more from a central dashboard with a single-pane-of-glass view or integrated Mobile Threat Defense capabilities?
9.  How does the solution integrate with my other vendors/solutions and third-party apps?
10.  How many more IT employees will it take to manage? Does it require more servers?

Some of those questions might sound overly technical to those in finance and procurement, but your answers can significantly affect your true usability and costs.

**Get the Full Picture of Your Total Cost of Ownership**

As a rule, technology must suit the organization using it, and no technology solution is suitable for everyone. Total cost of ownership, for instance, is important, and it varies among solutions. Let's look at Intune as an example.

For all its strengths and lightweight supports on operating systems such as Android and macOS, Intune is not recommended for some verticals and businesses that require robust support on third-party applications. It is not intended as a complete systems-management platform. Part of the reason it might look like you're saving money by switching to Intune is because it's built primarily for a narrow subset of needs — and those needs are more cost-effective for Microsoft to handle.

Suppose you have diverse endpoints and many third-party apps to manage and integrate. In that case, you'll end up in a tough spot — either tolerating significant vulnerability or shelling out more for a comprehensive solution to pick up the slack. You'll also likely need to acquire additional software to run on certain operating systems. Furthermore, Microsoft charges additional costs per year for its Remote Help/Remote View of mobile devices.

There are more gaps like this, but perhaps most critically for finance, Microsoft Intune's pricing is based in part on the volume of data transmitted. These usage fees are challenging to predict and budget for and can add up. It becomes problematic when deciding between facilitating an unlimited flow of protected data or managing costs. Additionally, I've seen many enterprises having to buy more servers to manage Intune and hire additional administrators to manage those servers.

**The Bottom Line for Your Bottom Line**

In this example, Microsoft Intune is a fantastic option if:

*   You need a robust solution for lightweight mobile applications mainly on the same OS.
*   Your use case is straightforward enough that a single-pane-of-glass view isn't relevant.
*   The numbers look favorable based on your usage needs.

If you have more complicated requirements, perform due diligence to identify more flexible options.

Regardless of where you end up, do not go _without_ a UEM solution. Your company's security depends on it.

Tag

#android