Get a Grip on Handheld Security

There’s no doubt that handheld devices like smartphones and PDAs can help make you more productive on the road. But the flip side of their convenient size is that these devices can be especially vulnerable to loss or theft. Whether misplaced or stolen, the loss of a handheld is always a major inconvenience, but if it’s packed with sensitive data, it can be nothing short of catastrophic.

SafeGuard PDA Personal Edition V4.11 provides protection and piece of mind in the event of just such an occurrence. The $45 utility can’t prevent your handheld from disappearing, but it can keep unauthorized people from accessing it or getting to the data it contains.

SafeGuard PDA works with both Windows Mobile 5 and 2003 versions—we used it with a Cingular 8125 running the former (Pocket PC Edition) and a Dell Axim X30 PDA running the latter. (In June, the company plans an update to support Windows Mobile 5 Smartphone Edition.) The software consists of three separate components, beginning with an authentication module to govern access to the device. Two other modules, PrivateCrypto, and PrivateDisk, are used to encrypt individual files and e-mail attachments and to create transparently encrypted virtual disks, respectively.

During the SafeGuard PDA install process, you must create a master password which is used to gain access to certain configuration settings, as well as to prevent the software from being removed from the device.

Aside from the traditional alphanumeric password, SafeGuard PDA offers several other methods to log into your the device. If you’ve got the appropriate hardware, you can authenticate using an IICS Certgate MMC card. Another option is to use a password comprised of symbols — a generic 10-symbol set (dog, flower, car) is included with the software, and you can use it as a template to create your own custom symbol set, which is stored as a single BMP file.

If you prefer to use a biometric form of authentication, you can configure SafeGuard PDA to recognize a handwritten signature. This method involves first “enrolling” the signature by entering it five times for accuracy. In our tests, SafeGuard PDA always noticed when our logon signature failed to correspond to our enrolled one. The algorithm takes into account not just the shape of the writing, but the speed as well. Therefore, if you sign too slow or to quickly, authentication will fail (and it did each time we varied the pace of our penmanship).

Once you decide on an authentication method, you can manually lock (or lock and shutdown your device) via a control icon on the Today screen, as well as decide under what circumstances you want SafeGuard PDA to automatically secure your device. Options include at power on, after a specified number of minutes of on or idle time, or when an ActiveSync connection is attempted.

You can also configure SafeGuard PDA to limit the number of failed logon attempts (up to 10), with a increasing delay between access attempts to help foil brute force attacks. If the failed logon limit is reached, SafeGuard PDA can sound an audible alarm or play a custom warning sound, or even nuke the device by performing a hard reset (including erasing the contents of any internal flash memory).

If you install SafeGuard PDA on a phone device like the 8125, you can specify whether you want the phone to be able to place calls without logging in first, and may also limit the calling options to three pre-configured numbers.

To prevent access to sensitive files, you can use SafeGuard PDA’s PrivateCrypto feature. You can select specific files to encrypt (via AES), and create passwords for access. You also have the option to wipe the source file (always a good idea) and compress the encrypted version to save space or make file transfers speedier. With the compression feature on, PrivateCrypto took a 15K Pocket Word and squeezed it down to around 4K. With compression off, the size of the file grew ever so slightly to 16K.

Because there are times that you might actually need to share encrypted files with others, PrivateCrypto also lets you create encrypted files as self-extracting executables, so the recipient doesn’t need any special software to decrypt them. Going this route does jack the file size up by more than 100K, however, and we could only open the resulting file on another Pocket PC, not a standard PC.)

A few minor complaints are that you can’t use PrivateCrypto to encrypt multiple files at once, and that you must launch the application before encrypting a file. (Although the interface is straightforward and easy to use, a context menu option would be more convenient.) On the plus side, you can send an encrypted file as an e-mail attachment directly from the PrivateCrypto interface via your default mail application.

When you want to protect more than just one or two critical files or you need regular access to the files you encrypt, you can fire up PrivateDisk, which uses virtual disks as encrypted storage volumes.

Once you’ve created a encrypted volume via PrivateDisk you can’t change it’s size, but you are able to set up multiple encrypted volumes and mount and unmount them as needed, and you can either use unique passwords for access or use the same authentication method you use to log on to the device. Volumes that have been set up on removable media– like memory cards– are automatically mounted when the card is inserted. Unlike files created with PrivateCrypto, PrivateDisk volumes can be accessed on a standard PC, providing you have the PC version of the software (which is available separately).

Given that many people that carry PDAs or smartphones around use them as personal information managers, it stands to reason that this is where much of a user’s important data can be found. When used on a Windows Mobile 2003 device SafeGuard PDA’s PIM encryption feature can be configured to automatically protect some or all PIM data, including appointments, contacts, tasks, e-mail, and attachments. (Unfortunately, PIM Encryption isn’t available on Windows Mobile 5 devices.)

Versions and Pricing
You can click here to download a demo version of SafeGuard PDA Personal Edition. This demo version isn’t time-limited, but it can’t be used to secure a device (it will flag failed login attempts but grant access anyway).

For organizations that want to manage a large number of secure handheld devices, SafeGuard PDA is also available in an Enterprise Edition (which is available for the Palm and Symbian operating systems in addition to Windows Mobile). At $87 for a single user Enterprise Edition is almost twice as expensive, but it’s available with volume pricing (e.g. $390 for a 5-user license).

In addition to centralized administration, Enterprise Edition includes several additional features, including the ability to encrypt the entire contents of a device and shut off it’s communications interfaces, including phone, Wi-Fi, Bluetooth and IR.

With easy-to-use authentication and encryption and a reasonable price tag, the SafeGuard PDA Personal Edition is worth a close look for anyone concerned about their Windows Mobile-based handheld being held by the wrong hands.

Adapted from

Do you have a comment or question about this article or other small business topics in general? Speak out in the Forums. Join the discussion today!

Must Read

Get the Free Newsletter!

Subscribe to Daily Tech Insider for top news, trends, and analysis.