Today in class, we briefly touched upon the information security risk that PDAs pose. Besides the threat of physically losing your PDA, there are other security risks which one should take into consideration when using these hand held devices. The reason for this risk comes from the fact that most of these devices have both bluetooth and wi-fi capabilities; such wireless connections open the door to the risk of malicious code.
When considering such security threats, one could take Blackberry for example. I have seen many students with these devices on campus and e-mail security is definitely a concern. The threat comes from the user downloading certain files - for example opening an e-mail which contains a trojan horse - allowing a hacker to monitor/access the e-mails that the recipient is receiving (and therefore gaining complete access to the information incoming and outgoing).
On a corporate level, there is the risk of espionage between companies; trade secrets and future deals being leaked. Senior executives use these devices and in their calendar alone there may be fragile company information such as key customer information and merger/acquisition info which could lead to humiliation or a drop in the material value of the organization.
On a more severe level, government and military employees use these devices; a leak of vital information could result in the loss of life.
Third party programs are the cause of many of these viruses. When using Blackberries and the like at work, security directly relates to the level of protection/restriction the corporation is administrating. Blackhats love trying to penetrate new devices (such as the iPhone) while exploiting their flaws/vulnerabilities.
Some tips to stay safe when using PDAs: don't keep any information on your PDA that you can't afford to lose, utilize the "power on" password setting (a prompt to input your password disallowing access to those who are without it), take advantage of firewall and security packages (such as those offered by BlueFire), consider encrypting your data.
Since users have the option of multiple operating systems when using PDAs, combined with the fact that hackers typically have access to more data via victims' computers, PDAs haven't been targeted so heavily yet. But as their capabilities advance, so will their draw from blackhats.
Wednesday, October 1, 2008
Subscribe to:
Post Comments (Atom)
Posts
You are absolutely right about the security concerns facing BlackBerry users right now. I have owned a BlackBerry since the second semester of my freshman year, and I agree that e-mail security is the most concerning problem facing BlackBerry users at this time.
ReplyDeleteWhen I check e-mail on my computer I always have to enter some sort of password; however, on my BlackBerry, all I have to do is unlock the device (which requires no password) and I have full access to phone numbers, e-mails, and transcripts. Devices such as BlackBerrys, because of their versatility, become essential business tools. As a result, you are right when you say that a lot of sensitive information is stored on them. In fact, I have had business account numbers, credit card numbers, and Social Security numbers all stored on my BlackBerry (stupid, I know).
I can also upload files from my BlackBerry to my computer, and this is yet another security risk. For, if I pick up a virus or a piece of malicious code from a third-party, I can upload that code to my computer and unknowingly infect an entire network.
On a related note, I believe that mobile devices such as iPhones, BlackBerrys, and PDAs could definitely benefit from security software. Unfortunately, most mobile devices are incapable of running such complex software. I think that whatever security company can develop effective software for mobile devices will make a great deal of money.
I think the current state of physical security of mobile devices goes against what has come to be known as standard computing practice. The absence of a password seems to undermine any of the security features written into websites or other data.
ReplyDeleteI suppose, however, that security breaches which result from physically obtaining the device are more of a petty crime level than an orchestrated attack on a user and his data.