PDAs threaten data net security

As PDA (personal digital assistant) usage escalates, concerns grow about data network security, according to research company Gartner Group Inc.’s Solista unit.

Robin Simpson, mobile and wireless consulting group director for Gartner, said handheld devices connecting to the network via different methods behind the firewall could create real problems for IT departments.

The issue holds even more concerns due to a lack of user authentication like “who exactly is accessing (the network) at what point?” “Some companies are not aware of the potential risks surrounding the increasingly prevalent use of PDAs; the access controls require higher levels of diligence as there are new kinds of vulnerabilities,” Simpson said.

“As enterprises develop applications that hook into CRM and ERP applications more sensitive information will be accessed by, and found on, handhelds; tools to provide security on these devices are a bit slow coming.”

However, Simpson said there was too much hype surrounding increased virus attacks finding their way into networks via affected PDAs.

“I think software manufacturers are making the problem bigger than what it is. I think to write a virus that can be transferred from a PDA and is then able to do something nasty on a PC isn’t likely,” he said.

Palm’s platform developer alliance manager for Southeast Asia Gavin Maxwell agrees, and cites the major security issues with handhelds as theft and loss.

“There has only been one malicious application for handhelds to date, the Liberty Trojan horse last year (which deleted all files not pre-installed on the PDA). There have been no viruses yet detected for the Palm. The market is a long way behind that of the PC market in terms of the number and types of attacks,” Maxwell said.

“With wireless capability, there may be the potential of receiving viruses in a different manner, but we are not at that stage just yet.”

Simpson said IT departments should encourage users to think about security when using their device.

“PINs or passwords on devices need to be used. People don’t use the password software as the whole idea of the device is that it is quick to access,” he said.

Simpson predicts PDAs connecting wirelessly to the company’s network will become increasingly common in the near future.

“Special wireless applications enabling users to access back-end systems are being developed and this will increase the amount of sensitive information being stored on handhelds. Applications should be designed to store data with encryption locally,” he said.

Kelvin Rundle, RSA Security technical consultant, said the main issues with handhelds is that security on applications has often been an “afterthought”. The most common problems, he said, were password protection attacks – using back doors, theft of data and the possible spread of viruses via the infrared beaming capability.