T 2.139 Poor consideration of mobile devices in patch and change management
The increasing mobility of end devices is one of the specific challenges for patch and change management. Due to their changing place of use and their connection to existing networks by means of wireless radio technologies, mobile systems are not always integrated into the automated distribution of patches and changes.
In addition, mobile end devices usually cannot rely on the same bandwidth and stability of data transmission that stationary systems in a LAN have. Creating backup copies and restore points takes longer and is less reliable than on stationary systems.
If mobile systems are not considered separately when planning patches and changes, distribution remains incomplete, takes longer than planned and always constitutes a security risk.
Example:
- The mobile telephones purchased by a company can only be updated by connecting them to a computer. For this purpose, the users must hand over the mobile devices to the company's IT department. After a serious vulnerability was detected in the Bluetooth implementation and a security patch was published, attackers were able to read important information from several devices, as the respective employees had not handed in their devices promptly for an update.