PDAs: convenience, and no security

LAS VEGAS - A proof-of-concept virus discovered last week is a relatively benign bug for infecting Windows CE devices. It carries no destructive payload and has not been released in the wild.

But a little tweaking of the code demonstrated at the Black Hat Briefings Wednesday can let an attacker delete files from a personal digital assistant running the Microsoft operating system.

'This virus is more of a threat than some people realize,' said Seth Fogie, vice president of Airscanner Corp. of Dallas. 'He has laid down the foundation for a whole class of CE viruses.'

PDAs have not been obvious targets so far for virus writers and hackers, but their software carries most of the security vulnerabilities that have caused headaches on desktop and notebook computers.

'The things are pretty much completely lacking in security,' Fogie said. 'It's pretty simple to get in to and control.'

Fogie demonstrated a number of hacks that would wipe data from the devices or let a snooper spy on the PDA while in use. The devices also provide what Fogie called mobile-attack platforms against wireless networks. He said network administrators should accept that the personal devices would be used on networks and make an effort to understand who is using them and how.

He made a number of recommendations to administrators for securing PDAs:

  • The enterprise should own and manage PDAs used on its networks, controlling and encrypting the data stored on them

  • Strong passwords should be enforced in place of default four-character passwords

  • Synchronization should be encrypted and secured

  • Wireless connections to the network should be secured

  • Firewalls and antivirus software should be used on PDAs

  • Data should be backed up regularly.



About the Author

William Jackson is a Maryland-based freelance writer.
