Web Sites with PDA Vulnerability Information
Once you know what operating system your handheld uses, and how it connects to other systems or networks, you can research the vulnerabilities that could potentially affect your device on the Web.

While many independent research and advisory sites contain objective third-party information, you should not overlook the valuable information that is available on websites by vendor's that design handheld security software.

Vendors that have gone through the trouble of understanding how PDAs are vulnerable—for the purpose of creating products—have bleeding-edge perspectives on how PDAs can be exploited and secured.

Even if you don't want to buy their product, by reading the product information available on some of the handheld security vendor websites, you can improve your understanding of how vulnerabilities are exploited. For better or worse, vendors are the innovators of mobile security products and you will most assuredly improve your understanding of handheld security issues if you read PDA security vendor literature and take the time to interview these vendors and ask them questions.

PDA Exploit Countermeasures

Countermeasures are steps you can take to offset or mitigate the risks of mobile device exploits. Sometimes countermeasures are referred to as safeguards. The following is a list of countermeasures that you can put in place to prevent unauthorized users from wreaking havoc on your handheld and the enterprise systems and networks that your PDA or smartphone connects to:

·	Install a firewall on the handheld that
	has its rules configured to allow only 
	authorized IP addresses to make connections
	to the device.

·	Disable all HotSync and ActiveSync features
	when not in use.

·	Ensure that password lock-out software is 
	enabled to restrict the number of password guesses. 

·	Do not store PDA passwords on desktop PCs. 

·	Install a reputable anti-virus product on 
	your device to prevent  propagation of malicious code 
	(viruses, Trojans, and worms). 

·	Strong third-party authentication (e.g. two-factor 
        authentication) software should be installed
        to  protect them from brute force attacks and
        password sniffing. 

·	Any PDAs or smartphones that transmit classified
	information should have their connections to third-party 
	systems and networks protected by VPNs. 

·	Handhelds that contain sensitive or classified 
	information should have their data encrypted with 
	keys that are at least 80 bits long. 

·	Make sure your mobile device is upgraded 
	with the latest security patches. 

·	Do not use un-trusted Wi-Fi access points
	(such as the ones at coffee shops) as they
	may not have all their security features properly configured. 

PDA Vulnerability Upshot

End-users should take the time to read about and understand the security features that come bundled with their handheld's operating system. If basic security features are lacking, it is worthwhile to look into to improving a mobile device's security posture by installing third-party security software. At the very least, the most important third-party security software to install should be an anti-virus product.

You do not have to be a computer security expert to research the security vulnerabilities that affect your handheld. You need to know what operating system your device uses, and how it to connects to a desktop PC and the Internet.

From these two starting points, you can research your handheld's vulnerabilities on the Web. When you are shopping for a handheld, ask the dealer what sort of security features come bundled with it. For example, RIM devices come with a wireless e-mail client that is protected by the Triple DES (3DES) encryption algorithm.

If businesses are going to allow end-users to connect their PDAs and smartphones to the corporate network, mobile device security policies should be established. Security policies should include end-user rules of behavior as well as technical policies that network administrators need to configure and set up. Mobile device management policies should also be established in order to put management accountability into place.