http://www.computerworld.com/securitytopics/security/story/0,10801,92338,00.html

by Joel Strauch
APRIL 16, 2004
PC WORLD

The No. 1 threat to the sensitive data stored on your handheld device or smart phone remains physically losing the device, but other threats are looming on the handheld horizon.

"When you send a defective PDA to the manufacturer for tech support, they usually give you a new one and then resell the old one," said John Girard, vice president and research director at Gartner Inc. "Buying dead machines is an ideal method of pursuing identity theft."

What's more, 90% of mobile devices lack the protection necessary to ward off hackers, according to a recent strategic planning assumption conducted by Stamford, Conn.-based Gartner.

"Most devices have IrDA, Bluetooth and wireless connections, and many of them aren't set up properly. You can just walk around with a connected device of your own and see what you can find," Girard said.

Even if there are security settings activated by default on a device, users will often turn them off if they find them unintuitive to use, he said. "Security needs to be as transparent as possible to users," Girard said.

Malicious Code

While security researchers have developed "proof of concept" viruses for handheld devices and smart phones, nothing has been seen yet "in the wild," said David Perry, global director of education at antivirus developer Trend Micro Inc. in Cupertino, Calif. "E-mail is easier. It's universal, and PDAs aren't."

Since handheld device users can still choose from several operating systems, they face a lower risk that a widespread virus will hit mobile devices. "As long as it's really easy to do Windows and e-mail, why should people bend themselves out of shape to hit something else?" Perry asked.

But the possibility of always-on wireless connectivity of smart phones and handhelds opens the door to malicious code.
"There was a screen saver being passed around in Europe that would put your phone into a loop and lock it up," Girard said. "And worms on a Web site that you visit with your PDA could switch on Bluetooth. But we don't see viruses or malicious code being a significant threat for mobile devices until the end of 2005."

Protect Your PDA

That doesn't mean you should consider the information on your mobile device completely safe. There are still ways to lose it -- and ways to protect yourself from data loss.

"You shouldn't keep things on a PDA that you can't afford to lose. And be vigilant -- don't let it get lost or stolen," Girard said.

Also, use the "power-on" password settings in your device, he added. That way, a thief can't even activate your handheld device without your password. "And don't store important stuff on peripheral storage, where the power-on password might not protect it," he added.

Third-party applications from vendors such as BlueFire Security Technologies, Asynchrony Solutions and others afford additional protections.

"BlueFire has a PDA firewall, and you might ask whether you'd need a PDA firewall," Girard said. "But it shuts down Bluetooth, which closes a port where hackers could get in."

Data encryption products from some of the same players are also a consideration, so even if the device does fall into the wrong hands, the data will be much harder to extract.

Handheld devices are still much safer than desktops or laptops from virus and hacker attacks, but that won't always be the case.

"What you'll find on a PDA today is what you'd find on a laptop five years ago. What you'll find on a PDA five years from now is what you'll find on a laptop today," Girard said. That power and operating system ubiquity will bring a greater potential for harmful intrusions.

_________________________________________
ISN mailing list
Sponsored by: OSVDB.org
This archive was generated by hypermail 2b30 : Mon Apr 19 2004 - 05:29:14 PDT