As we discussed in Security Basics for PDAs and Handheld PCs, PDAs and smartphones are susceptible to a host of security risks. In this article, we’ll take a closer look at specific vulnerabilities that affect these devices. Even if you’re not a security expert, you can establish safeguards to protect your data — and the device itself.
Types of PDA Vulnerabilities
In this article, we can’t list all the security risks that affect each handheld platform. Therefore, we’ll focus on the leading vulnerabilities to help you research and address your device’s specific security weaknesses.
The same types of vulnerabilities that affect laptops also affect PDAs and smartphones. These include the following:
Viruses, trojans, and worms Physical Theft Data theft Mobile code exploitation Authentication exploitation Wireless exploitation Denial of service attacks TCP session hijacking
All of these areas are unique and specific to the type of operating system your device uses, as different platforms offer different vulnerabilities that require specific safeguards.
The most widely used mobile operating systems include Windows Mobile, Palm OS, Java VM, Research In Motion (RIM) BlackBerry, Symbian OS and Linux.
To start with, you need to know what operating system your handheld uses, and the particular version number. If don’t know, ask the dealer that you bought the device from. If you bought it at a discount superstore, you can go to the PDA vendor’s Web site to obtain the information.
Don’t be afraid to e-mail a vendor your questions or to call their support number. After all, the device manufacturer has a vested interest in helping its customers. They usually do their best to answer questions, even if you did not buy the handheld directly from them.
Understand How Your Handheld Connects
To protect your handheld and the data that resides on it, you should understand how it connects to the Internet or to a desktop PC.
Using your handheld to access a network via a synchronization process is called connectionless access. The device relies on the desktop PC for its Internet Protocol (IP) network connection. Mobile devices also offer a direct-connect Internet capability through a network interface card.
A mobile device’s network interface card can be a traditional wired card or a wireless card. Each connection method has its own unique security problems. The three main ways to connect include:
- Desktop synchronization
- Hardwired network interface card
- Wireless network interface card
In addition, a wireless handheld can connect in one of three ways: Wi-Fi, Bluetooth, or cellular (CDMA or GSM).
Bluetooth and Wi-Fi connections are the least secure since they typically transmit radio frequency based signals — often without encryption — that can be easily intercepted by other wireless users in the area. You can increase Wi-fi’s security using Wired Equivalent Privacy (WEP), but by default, WEP is typically not enabled. Bluetooth is even less secure than Wi-Fi because the off-the-shelf package rarely includes any type of encryption.
If you don’t know which type of wireless connection your handheld uses, ask the merchant who sold you the device or the company that provide your access services. The best way to keep your wireless device is secure is to setup a Virtual Private Network (VPN) client. That way, when the device connects to networks or desktop PCs, the data is encrypted.
Disabling Local, Network, and Modem HotSync
One of the biggest vulnerabilities for Palm devices can be introduced using the HotSync feature. HotSync enables you to synchronize elements of your handheld with a desktop PC. Some of the elements typically synchronized include the Outlook inbox, the contacts list, the calendar tasks and notes. When using HotSync, worms, viruses, and Trojans can be transmitted from the mobile device to the local desktop, and ultimately to you your network.
When Network HotSync is enabled, the Palm OS opens TCP ports 14237 and 14238 as well as UDP port 14237. This means that cyber miscreants can open connections to these ports for the purpose of accessing private and proprietary information or unleashing malicious code. If you install a firewall on your device, you can restrict which systems and domains have access to which ports.
Similar to Palm OS HotSync attacks, Windows Mobile Pocket PC and smartphones are susceptible to ActiveSync attacks. While you can protect ActiveSync with a password, the ActiveSync authentication process can be exploited through data interception (password sniffing) or brute force dictionary attacks.
A user can enter an unlimited number of password attempts into the ActiveSync password prompt, which enables the possibility of a brute force dictionary attack. Hackers sometimes set up systems that generate sophisticated automatic scans to remote devices that attempt to try every word, or combination of words, in multiple dictionaries in an attempt to crack passwords. This is one of the reasons you don’t want your PDA or smartphone to allow an unlimited number of password attempts.
Every time an ActiveSync handheld is connected to a desktop PC via its cradle, ActiveSync requires you to enter a password. Users however have the option of saving this password on the desktop PC to expedite the connection process. The problem is that if an unauthorized user gains access to the desktop, they then also have access to the ActiveSync password. And even if the password is encrypted, unauthorized users could potentially use a dictionary attack to break the password.