[ISN] NIST weighs in on cell phone, PDA security

From: InfoSec News <alerts_at_private>
Date: Tue, 4 Nov 2008 00:18:16 -0600 (CST)

By William Jackson

The use of increasingly powerful cell phones and other portable devices 
as business tools can open an enterprise to a new class of cyber 
threats, and the National Institute of Standards and Technology has 
released guidelines for mitigating these risks.

Special Publication 800-124 [1], titled "Guidelines on Cell Phone and 
PDA Security," is an overview of common cell phone and personal digital 
assistant devices, their associated risks and guidelines for mitigating 
the risks. The guidelines are not mandatory standards, but are 
recommendations intended to help users and administrators make informed 
information technology security decisions on their use.

"Cell phones and Personal Digital Assistants (PDAs) have become 
indispensable tools for today's highly mobile workforce," the 
publication says. They are being used not only for voice calls, text 
messages, and managing personal information, but also for many functions 
that are typically done on a desktop or laptop computer, including "sending 
and receiving electronic mail, browsing the Web, storing and modifying 
documents, delivering presentations, and remotely accessing data."

The devices also can contain specialized features such as cameras, a 
Global Positioning System, and small removable-media card slots, and 
employ a range of wireless interfaces that include infrared, Wi-Fi, 
Bluetooth, as well as multiple cellular interfaces. Through these 
features, the devices are increasingly subject to many of the threats 
common to desktop systems as well as others. The threats include loss or 
theft; malware infection through tainted storage media or wireless 
connections; text and voice spam as well as the e-mail variety, which 
can be used for phishing as well as resulting in charges for inbound 
messages; electronic eavesdropping through a variety of channels; 
location tracking; theft of service through cloning; and exposure of 
sensitive data at the server.

[1] http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf


Received on Mon Nov 03 2008 - 22:18:16 PST
