PDA Street


Handheld Security: Part II - Understand Vulnerabilities

By Laura Taylor
August 23, 2004


As we discussed in Learn the Basics of Handheld Security, PDAs and smartphones are susceptible to a host of security exploits. In this article, we'll take a closer look at specific vulnerabilities that affect these devices. Even if you are not a security expert, you can establish safeguards to protect valuable information—not to mention the device itself.

Types of PDA Vulnerabilities
In a single article, it is not possible to list all the security risks that affect each handheld platform. Therefore, we'll focus on a few leading vulnerabilities to help you research and address your device's security weaknesses on your own.

PDAs and smartphones are subject to the same types of vulnerabilities that affect laptops. These include:

·	Viruses, Trojans, and worms
·	Theft of the physical device itself
·	Data theft
·	Mobile code exploits
·	Authentication exploits
·	Wireless exploits
·	Denial of service attacks
·	TCP Session Hijacking

How each of these vulnerability areas plays out depends on the operating system that runs on the device: different platforms expose different weaknesses, and each requires its own appropriate safeguards.

The most widely used mobile operating systems are Windows Mobile, Palm OS, Java VM, Research In Motion (RIM) BlackBerry, Symbian OS, and Linux.

To start with, you need to know what operating system your handheld uses, and—even better—the particular version number. If you are unsure, ask the dealer that you bought the device from. If you bought it from a discount superstore, you can go to the website of the vendor that makes the PDA to obtain a lot of information.

Don't be afraid to send the vendor an e-mail with your questions, or call their support number. After all, the device manufacturer has a vested interest in helping its customers. They will usually do their best to answer questions, even if you did not buy the handheld directly from them.

Understand How Your Handheld Connects
To protect your handheld and the data that resides on it, you should understand how it connects to larger entities. Before you start to research security vulnerabilities, it is worthwhile to first understand how your handheld connects to the Internet or a desktop PC.

Using a handheld to access a larger enterprise network via a synchronization process is considered connectionless access. This is because the device itself relies on the desktop PC for its Internet Protocol (IP) network connection. Mobile devices also offer the ability to connect directly to the Internet through a network interface card.

A mobile device's network interface card can be a traditional wired card or a wireless card. Each way of connecting has its own unique security problems.

In order to understand the vulnerabilities to which your wireless device is susceptible, you must first find out which type of wireless connection it uses. Therefore, when considering the security of a mobile device, first establish how the PDA connects to the Internet:

·	Desktop synchronization
·	Hardwired network interface card
·	Wireless network interface card

If a handheld is using a wireless connection, it is important to understand what type is being used. For example, the wireless connection could be Wi-Fi, Bluetooth, or cellular (CDMA or GSM).

Bluetooth and Wi-Fi connections are the least secure since they transmit radio frequency signals, often without encryption, that anyone in the general proximity can receive and use to intercept data. Some security can be added to Wi-Fi using Wired Equivalent Privacy (WEP), but by default WEP is usually not enabled. Bluetooth is even less secure than Wi-Fi, as encryption is generally not provided as part of the off-the-shelf package.

If you don't know which type of wireless connection your handheld uses, ask questions. You can ask the merchant who sold you the device or the company that provides your access services. If you are using any wireless connectivity, the best way to ensure that your device is secure is to set up a Virtual Private Network (VPN) client on it so that when it connects to networks or desktop PCs, the data is encrypted.

Security Vulnerabilities Affecting Connectionless PDAs
One of the biggest vulnerabilities for Palm devices is the potential exploits that can be introduced using the HotSync feature. HotSync enables you to synchronize elements of your handheld with a desktop PC. Some of the elements that are typically synchronized include the Outlook inbox, the contacts list, the calendar, tasks and notes. When using HotSync, worms, viruses, and Trojans can be transmitted from the mobile device to the local desktop, and ultimately your enterprise network.

Disabling Local, Network, and Modem HotSync can prevent many vulnerabilities.

When Network HotSync is enabled, the Palm OS opens Transmission Control Protocol (TCP) ports 14237 and 14238 as well as User Datagram Protocol (UDP) port 14237. This means that cyber miscreants can open connections to these ports for the purpose of accessing private and proprietary information, or unleashing malicious code. If you install a firewall on your device, you can restrict which systems and domains have access to which ports.
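The ports listed above are what a firewall rule or a log review should key on. The following is an added example, not code from the original article: it audits a connection log for access to the Network HotSync ports from any host other than the handheld's authorized sync partner. The log format, the sample lines and the allowed-host list are constructed for illustration; only the port numbers (TCP 14237/14238 and UDP 14237) come from the text above.

```python
"""Added example: flag Network HotSync port access from unexpected hosts.

The log format and sample lines are constructed for this illustration.
The port set is the one the article attributes to Network HotSync."""
import re
from collections import Counter

HOTSYNC_PORTS = {("tcp", 14237), ("tcp", 14238), ("udp", 14237)}

# Constructed format: "<date> <time> <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>"
LOG_RE = re.compile(
    r"^(?P<ts>\S+ \S+) (?P<proto>tcp|udp) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample: 192.168.1.20 is the desktop the handheld syncs with;
# 10.9.8.7 is an unknown host probing the HotSync ports; one line is garbage.
SAMPLE_LOG = """\
2004-08-23 09:01:10 tcp 192.168.1.20:3511 -> 192.168.1.77:14237
2004-08-23 09:01:11 tcp 192.168.1.20:3512 -> 192.168.1.77:14238
2004-08-23 09:05:42 udp 10.9.8.7:5000 -> 192.168.1.77:14237
2004-08-23 09:05:43 tcp 10.9.8.7:5001 -> 192.168.1.77:14237
2004-08-23 09:05:44 tcp 10.9.8.7:5002 -> 192.168.1.77:14238
2004-08-23 09:06:00 tcp 192.168.1.20:3600 -> 192.168.1.77:80
garbage line that does not match the format
"""


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    return {"ts": d["ts"], "proto": d["proto"], "src": d["src"],
            "dst": d["dst"], "dport": int(d["dport"])}


def audit_hotsync(log_text, allowed_sync_hosts):
    """Return (alerts, unparsed_count, per_source).

    alerts: records that hit a HotSync port from a host not in allowed_sync_hosts
    unparsed_count: lines the parser could not read (worth a look on their own)
    per_source: how many HotSync-port hits each unexpected host produced
    """
    alerts = []
    unparsed = 0
    per_source = Counter()
    for line in log_text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        if (rec["proto"], rec["dport"]) not in HOTSYNC_PORTS:
            continue                      # not a HotSync port; ignore
        if rec["src"] in allowed_sync_hosts:
            continue                      # the desktop the device is meant to sync with
        alerts.append(rec)
        per_source[rec["src"]] += 1
    return alerts, unparsed, per_source


if __name__ == "__main__":
    found, bad, by_src = audit_hotsync(SAMPLE_LOG, {"192.168.1.20"})
    for rec in found:
        print(f"{rec['ts']} {rec['proto']} {rec['src']} -> {rec['dst']}:{rec['dport']}")
    print(f"unexpected hosts: {dict(by_src)}; unparsed lines: {bad}")
```

The same allowlist expresses the firewall policy the article recommends: only the sync desktop should be permitted to reach these ports, and everything else should be dropped and logged.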

Similar to Palm OS HotSync attacks, Windows Mobile Pocket PC and smartphones are susceptible to ActiveSync attacks. While you can protect ActiveSync with a password, the ActiveSync authentication process can be exploited through data interception (password sniffing) or brute force dictionary attacks.

A user can enter an unlimited number of password attempts into the ActiveSync password prompt, which makes a brute force dictionary attack possible. Attackers sometimes set up systems that automatically scan remote devices and try every word, or combination of words, in multiple dictionaries in an attempt to crack passwords. This is one of the reasons you do not want your PDA or smartphone to allow an unlimited number of password attempts.

Every time an ActiveSync handheld is connected to a desktop PC via its cradle, ActiveSync requires a password to be entered. Users, however, have the option of saving this password on the desktop PC to expedite the connection process. The problem is that if an unauthorized user gains access to the desktop, they then also have access to the ActiveSync password. And even if the password is encrypted, unauthorized users could potentially use a dictionary attack to break the password.

Prevent Enterprise Vulnerabilities
One of the best ways to safeguard PDAs and smartphones on an enterprise level is to create security policy template files and distribute them to the end-user devices. To do this, most companies need to purchase a third-party handheld security policy editor that can create group policies that integrate with either Active Directory or Lightweight Directory Access Protocol (LDAP).

Controlling security policies through a centralized management system is the most effective approach to secure corporate mobile devices. In evaluating enterprise PDA security products, look for those that have—at the very minimum—the ability to provide the following:

·	Protect personal databases such as address books, calendars and date books
·	Protect application databases such as SQL Server CE
·	Encrypt files, databases, and folders
·	Strengthen password protection by turning on lock-out features
·	Expire passwords after a pre-determined length of time has passed
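The lock-out and password-expiry requirements in the list above are the direct answer to the unlimited-attempts problem described in the ActiveSync section. The following is an added example, not the article's or any vendor's code, of what a device unlock policy that enforces both looks like: the password is stored as a salted, iterated hash, a fixed number of failures triggers a timed lock-out, and a password older than its maximum age is accepted only for the purpose of changing it. The thresholds and the injected clock (`now`) are assumptions chosen for illustration.

```python
"""Added example: handheld unlock policy with attempt lock-out and expiry.

Not from the article or any vendor. Thresholds and the injected clock are
assumptions for illustration; times are seconds on whatever clock you pass."""
import hashlib
import hmac
import os


class UnlockPolicy:
    """Hashed unlock password with attempt lock-out and password ageing."""

    def __init__(self, password, *, max_attempts=5, lockout_seconds=300,
                 max_age_seconds=90 * 86400, now=0.0):
        self.max_attempts = max_attempts        # failures before lock-out
        self.lockout_seconds = lockout_seconds  # how long the lock-out lasts
        self.max_age_seconds = max_age_seconds  # password must change after this
        self.failed = 0
        self.locked_until = None
        self._set_password(password, now)

    @staticmethod
    def _hash(password, salt):
        # Salted, iterated hash: a copied store value cannot simply be looked up
        return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)

    def _set_password(self, password, now):
        self.salt = os.urandom(16)
        self.digest = self._hash(password, self.salt)
        self.password_set_at = now

    def password_expired(self, now):
        return now - self.password_set_at >= self.max_age_seconds

    def attempt(self, password, now):
        """One unlock attempt at time now: 'locked', 'denied', 'expired' or 'ok'."""
        if self.locked_until is not None:
            if now < self.locked_until:
                return "locked"           # inside the window, right or wrong password
            self.locked_until = None      # window has passed; counter starts fresh
            self.failed = 0
        candidate = self._hash(password, self.salt)
        if not hmac.compare_digest(candidate, self.digest):
            self.failed += 1
            if self.failed >= self.max_attempts:
                self.locked_until = now + self.lockout_seconds
            return "denied"
        self.failed = 0
        if self.password_expired(now):
            return "expired"              # correct, but must be changed before use
        return "ok"

    def change_password(self, old, new, now):
        """Allow a change only with the current password, expired or not."""
        if self.attempt(old, now) not in ("ok", "expired"):
            return False
        self._set_password(new, now)
        return True


if __name__ == "__main__":
    policy = UnlockPolicy("correct horse", max_attempts=3, lockout_seconds=60, now=0)
    for t, guess in enumerate(["wrong", "wrong", "wrong", "correct horse"], start=1):
        print(t, guess, policy.attempt(guess, t))   # third failure locks the device
    print(70, "correct horse", policy.attempt("correct horse", 70))
```

With a real device the clock would be the system time and the thresholds would come from the centrally distributed policy file; the point of the example is that an attacker who can try passwords at will gets at most `max_attempts` guesses per lock-out window, and that a correct-but-stale password still cannot be used without changing it.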

The PDA security policy editor should always be centralized and integrated with your directory services. A solution that is not centralized will create a great deal of administrative overhead.
