As we discussed in Learn the Basics of Handheld Security, PDAs and smartphones are susceptible to a host of security exploits. In this article, we'll take a closer look at specific vulnerabilities that affect these devices. Even if you are not a security expert, you can establish safeguards to protect valuable information—not to mention the device itself.

Types of PDA Vulnerabilities
In a single article, it is not possible to list all the security risks that affect each handheld platform. Therefore, we'll focus on a few leading vulnerabilities to help you research and address your device's security weaknesses on your own.

PDAs and smartphones are subject to the same types of vulnerabilities that affect laptops. These include:

·	Viruses, Trojans, and worms
·	Theft of the physical device itself
·	Data theft
·	Mobile code exploits
·	Authentication exploits
·	Wireless exploits
·	Denial of service attacks
·	TCP Session Hijacking

All of these vulnerability areas are unique and specific to the type of operating system that runs on a device, as different platforms offer different vulnerabilities that require mitigation by unique and appropriate safeguards.

The most widely used mobile operating systems are Windows Mobile, Palm OS, Java VM, Research In Motion (RIM) BlackBerry, Symbian OS, and Linux.

To start with, you need to know what operating system your handheld uses, and—even better—the particular version number. If you are unsure, ask the dealer that you bought the device from. If you bought it from a discount superstore, you can go to the website of the vendor that makes the PDA to obtain a lot information.

Don't be afraid to send the vendor an e-mail with your questions, or call their support number. After all, the device manufacturer has a vested interest in helping its customers. They will usually do their best to answer questions, even if you did not buy the handheld directly from them.

Understand How Your Handheld Connects
To protect your handheld and the data that resides on it, you should understand how it connects to larger entities. Before you start to research security vulnerabilities, it is worthwhile to first understand how your handheld connects to the Internet or a desktop PC.

Using a handheld to access a larger enterprise network via a synchronization process is considered connectionless access. This is because the device itself relies on the desktop PC for its Internet Protocol (IP) network connection. Mobile devices also offer the ability to connect directly to the Internet through a network interface card.

A mobile device's network interface card can be a traditional wired card or a wireless card. Each way of connecting has its own unique security problems.

In order to understand the vulnerabilities with which your wireless device is susceptible, you must first find out and understand which type of wireless connection it uses. Therefore, when taking into consideration the security of a mobile device, it should first be established how the PDA is connecting to the Internet:

·	Desktop synchronization
·	Hardwired network interface card
·	Wireless network interface card

If a handheld is using a wireless connection, it is important to understand what type is being used. For example, the wireless connection could be Wi-Fi, Bluetooth, or cellular (CDMA or GSM).

Bluetooth and Wi-Fi connections are the least secure since they typically transmit radio frequency based signals—often without encryption—to areas available to other users that are in the general proximity to intercept data. Some security can be added to Wi-Fi using Wired Equivalent Privacy (WEP), but by default, WEP is typically never enabled. Bluetooth is even less secure than Wi-Fi as encryption is generally never provided as part of the off-the-shelf package.

If you don't know which type of wireless connection your handheld uses, ask questions. You can ask the merchant who sold you the device or the company that provide your access services. If you are using any wireless connectivity, the best way to ensure that your device is secure is to setup a Virtual Private Network (VPN) client on it so that when it connects to networks or desktop PCs, the data is encrypted.

Security Vulnerabilities Affecting Connectionless PDAs
One of the biggest vulnerabilities for Palm devices is the potential exploits that can be introduced using the HotSync feature. HotSync enables you to synchronize elements of your handheld with a desktop PC. Some of the elements that are typically synchronized include the Outlook inbox, the contacts list, the calendar, tasks and notes. When using HotSync, worms, viruses, and Trojans can be transmitted from the mobile device to the local desktop, and ultimately your enterprise network.

Disabling Local, Network, and Modem HotSync can prevent many vulnerabilities.

When Network HotSync is enabled, the Palm OS opens Transmission Control Protocol (TCP) ports 14237 and 14238 as well as User Datagram Protocol (UDP) port 14237. This means that cyber miscreants can open connections to these ports for the purpose of accessing private and proprietary information, or unleashing malicious code. If you install a firewall on your device, you can restrict which systems and domains have access to which ports.

Similar to Palm OS HotSync attacks, Windows Mobile Pocket PC and smartphones are susceptible to ActiveSync attacks. While you can protect ActiveSync with a password, the ActiveSync authentication process can be exploited through data interception (password sniffing) or brute force dictionary attacks.

A user can enter an unlimited number of password attempts into the ActiveSync password prompt, which enables the possibility of a brute force dictionary attack. Hackers sometimes set up systems that generate sophisticated automatic scans to remote devices that attempt to try every word, or combination of words, in multiple dictionaries in an attempt to crack passwords. This is one of the reasons you do not want your PDA or smartphone to allow an unlimited number of password attempts.

Every time an ActiveSync handheld is connected to a desktop PC via its cradle, ActiveSync requires a password to be entered. Users however have the option of saving this password on the desktop PC to expedite the connection process. The problem is that if an unauthorized user gains access to the desktop, they then also have access to the ActiveSync password. And even if the password is encrypted, unauthorized users could potentially use a dictionary attack to break the password.

Prevent Enterprise Vulnerabilities
One of the best ways to safeguard PDAs and smartphones on an enterprise level is to create security policy template files and distribute them to the end-user devices. To do this, most companies need to purchase a third-party handheld security policy editor that can create group policies that integrate with either Active Directory or Lightweight Directory Access Protocol (LDAP).

Controlling security policies through a centralized management system is the most effective approach to secure corporate mobile devices. In evaluating enterprise PDA security products, look for those that have—at the very minimum—the ability to provide the following:

·	Protect personal databases such as address books,
	calendars and date books
·	Protect application databases such as SQL Server CE
·	Encrypt files, database, and folders
·	Strengthen password protection by turning on lock-out features
·	Expire passwords after a pre-determined length of time has passed

The PDA security policy editor should always be centralized and integrated with your directory services. A solution that is not centralized will create a great deal of administrative overhead.

Web Sites with PDA Vulnerability Information
Once you know what operating system your handheld uses, and how it connects to other systems or networks, you can research the vulnerabilities that could potentially affect your device on the Web.

While many independent research and advisory sites contain objective third-party information, you should not overlook the valuable information that is available on websites by vendor's that design handheld security software.

Vendors that have gone through the trouble of understanding how PDAs are vulnerable—for the purpose of creating products—have bleeding-edge perspectives on how PDAs can be exploited and secured.

Even if you don't want to buy their product, by reading the product information available on some of the handheld security vendor websites, you can improve your understanding of how vulnerabilities are exploited. For better or worse, vendors are the innovators of mobile security products and you will most assuredly improve your understanding of handheld security issues if you read PDA security vendor literature and take the time to interview these vendors and ask them questions.

PDA Exploit Countermeasures

Countermeasures are steps you can take to offset or mitigate the risks of mobile device exploits. Sometimes countermeasures are referred to as safeguards. The following is a list of countermeasures that you can put in place to prevent unauthorized users from wreaking havoc on your handheld and the enterprise systems and networks that your PDA or smartphone connects to:

·	Install a firewall on the handheld that
	has its rules configured to allow only 
	authorized IP addresses to make connections
	to the device.

·	Disable all HotSync and ActiveSync features
	when not in use.

·	Ensure that password lock-out software is 
	enabled to restrict the number of password guesses. 

·	Do not store PDA passwords on desktop PCs. 

·	Install a reputable anti-virus product on 
	your device to prevent  propagation of malicious code 
	(viruses, Trojans, and worms). 

·	Strong third-party authentication (e.g. two-factor 
        authentication) software should be installed
        to  protect them from brute force attacks and
        password sniffing. 

·	Any PDAs or smartphones that transmit classified
	information should have their connections to third-party 
	systems and networks protected by VPNs. 

·	Handhelds that contain sensitive or classified 
	information should have their data encrypted with 
	keys that are at least 80 bits long. 

·	Make sure your mobile device is upgraded 
	with the latest security patches. 

·	Do not use un-trusted Wi-Fi access points
	(such as the ones at coffee shops) as they
	may not have all their security features properly configured. 

PDA Vulnerability Upshot

End-users should take the time to read about and understand the security features that come bundled with their handheld's operating system. If basic security features are lacking, it is worthwhile to look into to improving a mobile device's security posture by installing third-party security software. At the very least, the most important third-party security software to install should be an anti-virus product.

You do not have to be a computer security expert to research the security vulnerabilities that affect your handheld. You need to know what operating system your device uses, and how it to connects to a desktop PC and the Internet.

From these two starting points, you can research your handheld's vulnerabilities on the Web. When you are shopping for a handheld, ask the dealer what sort of security features come bundled with it. For example, RIM devices come with a wireless e-mail client that is protected by the Triple DES (3DES) encryption algorithm.

If businesses are going to allow end-users to connect their PDAs and smartphones to the corporate network, mobile device security policies should be established. Security policies should include end-user rules of behavior as well as technical policies that network administrators need to configure and set up. Mobile device management policies should also be established in order to put management accountability into place.