
Product category: Database management, list services
News Release from: David Ewen Marketing | Subject: PDAs and data security
Edited by the Marketingservicestalk Editorial Team on 09 May 2008

Think your confidential data is secure?


There is a wide-open back door into your PC or company computer network and it is your PDA.

Think again. There is a wide-open "back door" into your PC or company computer network, and it is your PDA, or Personal Digital Assistant.

The main purpose of a PDA is to act as an electronic organiser or day planner that is portable, easy to use and capable of sharing information with your PC.

PDAs such as the BlackBerry and T-Mobile Sidekick are extremely popular in the UK, where these devices are used primarily as a business tool by young professionals who have embraced them heartily.

Also called hand-helds or palmtops, PDAs have evolved rapidly over the past couple of years.

Not only can they manage your personal information, such as contacts, appointments and to-do lists, but today's PDAs can also connect to the internet, act as global positioning system (GPS) devices, and run multimedia software.

Now your PDA can be combined with mobile phones, multimedia players and other electronic gadgetry.

Even the most basic PDA can handle standard personal information management (PIM) functions, run application software and synchronise with PCs.

Little wonder, then, that the PDA's rise in the day-to-day lives of so many has been meteoric.

However, these changes that enable us to do business on the move are leaving business networks increasingly vulnerable to attack, and the data that they hold at serious risk.

Never before has the information of so many people been so vulnerable.

Chances are that if you check ads on eBay you will find at least one BlackBerry "AS IS" for a few pounds.

While these devices may not come with cable, synching station, software or manual, they may well come with something far more valuable - a stockpile of corporate data, all there for anyone to read as soon as it is turned on.

Many PDA users are still unaware of security issues for the electronic devices they use on a daily basis.

There's a new route into your company's secure data and it's your BlackBerry or Sidekick.

The BlackBerry, for example, stores company data attachments on a server rather than on the BlackBerry itself, so if a device is ever lost or misplaced, someone could easily read sensitive documents.

The BlackBerry lacks encryption capabilities and relies instead on users locking the device with a password.

However, anyone with hacking abilities can easily discover the password and let themselves into the network.

The beauty of the BlackBerry is that it's a DIY type of device.

It basically allows you to take your office with you wherever you go and not be caught unprepared or without the correct documents for a given meeting.

However, for individuals and companies who handle and funnel much of their business dealings through these wonderfully useful devices, both internal and external server security must be taken into account.

Such is the concern that companies are being warned to make sure they correctly configure their BlackBerry devices, or risk weakening their whole IT security.

David Ewen of DavidEwen.co.uk says that recent testing showed that organisations are still failing to ensure the smart-phone devices are locked down.

He says the BlackBerry architecture can be insecure if no firewalls are used to separate the BlackBerry Enterprise Server (BES) router component from the central BES server on the internal network.

If the BES is compromised and there is no separation of the BES router, it can lead to the whole network becoming insecure, the company claims.

Roy Hills, technical director at NTA, said in a statement: "A hacker could potentially use this back channel to move around inside an organisation undetected".

Hills said the ideal scenario for BlackBerry security is to create a "demilitarised zone" to separate the router component from the BES.

He explained: "If the BES router gets compromised, the demilitarised zone will ensure that there is no direct access to the local area network".

If all that has not given you enough food for thought, there is also the threat from malicious code, which has moved to handheld devices, to contend with.

A few years back a program called Liberty Crack popped up on an Internet Relay Chat group.

It was a Trojan horse, a program that includes malicious or harmful code in apparently harmless programming or data.

Although it did not cause major problems, Liberty Crack proved significant at the time because it targeted handheld devices.

Such devices, which have communications and internet-access capabilities, have now become so popular that malicious-code writers realise this technology has distinct security weaknesses.

Liberty Crack served as a wake-up call for the handheld-device and network-security industries.

In the last few years, however, malicious code has undergone a key transformation.

Gone are the days when viruses and worms were designed with payloads that only destroyed data, crashed the system or cut off communications.

These days there is clearly an increasing interest in keeping the victim's system online and operational.

More and more the trend is for malicious code to be written to turn a profit.

Today's malware authors are constantly looking for new and vulnerable targets to exploit - especially now that malicious code has been monetised.

Mobile device malware has been an increasing threat in the last few years and it is believed that there are upwards of one hundred variants of malicious code that exploit mobile devices such as smart phones and PDAs.

These variants have been responsible for damaging mobile devices, deleting data and compromising sensitive information, and there are now variants that are capable of jumping from mobile devices to Windows desktop systems too.

As mobile phone providers add internet gateways and other services for improved performance and functionality, interest in these devices increases.

However, the major upswing is expected to come as mobile device users gain access to online banking and payment services from their smart phones and PDAs.

This will, without a doubt, cause an increase in interest from the criminal element.

This new threat will only be compounded by the general lack of security awareness and the penchant users have for accepting unsolicited incoming messages.

More information and tips on how to protect your confidential data can be found at the David Ewen Marketing website.
