Purdue University proudly presents
Doug Couch & Nathan Heck, IT Security Analysts
www.purdue.edu/securepurdue

Any security devices or software shown
during this presentation is for demonstration
purposes only. Purdue University does not
endorse or support any PDA security device
or software solutions at this time.
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue

BlackBerry Video
www.purdue.edu/securepurdue

Loss
 Biggest threat to PDA’s
 In one Chicago cab company in 6 months:
▪ 85,619 mobile phones
▪ 21,460 PDAs/Pocket PCs
▪ 4,425 laptops
 80% of all passengers were reunited with phones and 96% with
their Pocket PCs/PDAs and laptops
 In 2007 about eight million phones were lost
 Only about 72% were recovered
www.purdue.edu/securepurdue
www.gizmag.com
www.purdue.edu/securepurdue

Theft
 Next biggest threat to PDAs
 Be aware that they are a target
 Know how to secure them
 Know what to do if they are stolen
www.purdue.edu/securepurdue

Unauthorized Access
 Your device can be under attack at any time
 Do:
▪ Enable the built in security
▪ Double check your configuration
 Don’t:
▪ Use obvious PIN’s
▪ Write your PIN on your PDA
www.purdue.edu/securepurdue

Electronic Eavesdropping
 “Network sniffing”
 Spyware
 Wi-Fi hotspot impersonation
 Possibly even cellular network vulnerabilities
www.purdue.edu/securepurdue

Electronic Tracking
 Uses either GPS or cellular triangulation
 Is available for tracking family or employees
 Can be quickly enabled on unattended phones
 Some trackers are stealthy
 Tracking services may be vulnerable to compromise
www.purdue.edu/securepurdue

Electronic Tracking
www.purdue.edu/securepurdue

Spam
 Annoying (as always)
 Can be costly
▪ SMS spam may be charged per message
▪ Email spam may include images which take more bandwidth
 Can be used for Social Engineering
▪ Can be used to trick users into calling or texting a chargeable
number
▪ Used for Phishing to trick users into giving up private info
www.purdue.edu/securepurdue

Malware
 Send mass SMS and MMS messages
 Dial premium-rate numbers without your knowledge
 Delete or steal your personal information
 Disable functions of the phone
 Use up the battery much faster than usual
 Send infected files to others (via email, Wi-Fi, Bluetooth etc.)
 Transfer malicious code to a PC during synchronization
 30% of cell phone users in the U.S. receive e-mail attachments
www.purdue.edu/securepurdue

Your device

Your personal data

Your business data or trade secrets

Money, due to an increased phone bill from unauthorized calls
or data use

Your reputation

Possibly corporate data on servers
www.purdue.edu/securepurdue
 Be Proactive
 Configure user authentication and access controls
 Apply critical patches and upgrades
 Remove or disable unnecessary services or applications
 Install additional security software
www.purdue.edu/securepurdue

Maintain the security of your PDA
 Maintain physical control of the device
 Reduce exposure of sensitive data
 Backup data frequently
 Use encryption
 Enabling wireless interfaces only when needed
 Enable and analyze device log files
 Test and apply critical patches in a timely manner
 Evaluate device security periodically
www.purdue.edu/securepurdue








Plan ahead
Use a PDA case
Use a screen protector
Use a surge protector when charging your PDA
Avoid using your PDA near liquids (or in the rain)
Use hands free options while driving
Don’t lend your PDA to someone
Consider device insurance
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue

Treat a PDA like a credit card:
 maintain control at all times and store it securely






Be especially cautious while traveling
Keep a low profile when using your PDA
Record your PDA’s Identifying numbers
Engrave an ID number on it
Remove your data card
Dispose of properly
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue

Enter your contact information in the owner fields

Set a repeating alarm to go off on a regular interval

Use a security sticker or label

Third party recovery services

IF YOUR PDA IS LOST, YOUR DATA MUST BE
ASSUMED TO BE COMPROMISED!
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue







Enable your built-in security
Configure to lock when inactive
Change any default passwords
Synchronize and backup data frequently
Remove or disable unnecessary services and
applications
Don't store data on the SIM card
Use removable storage cards to store data
separately
www.purdue.edu/securepurdue

Password management databases

Intrusion detection

Anti-virus

Anti-spam

Personal firewall

Device content and memory card encryption
www.purdue.edu/securepurdue

Alternate authentication programs

Remote locking/erasure

Remote tracking

GSM SIM lock

Multimedia Card Security Standard
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue

Use only secured wireless networks

Verify the SSID

Use a VPN when possible

Disable Wi-Fi ad-hoc mode

Disable Wi-Fi when not in use
www.purdue.edu/securepurdue

Disable the ‘discover’ mode of your Bluetooth

Always require a password to pair a device with
your PDA

Disable Bluetooth when not in use

Keep a list of paired devices

Configure Bluetooth for the lowest power setting
www.purdue.edu/securepurdue

IR
 Disable or block if possible

GPS
 Disable when not using, if possible

USB
www.purdue.edu/securepurdue

VPN Clients

Phone firewall

SSH clients

ActiveSync lock

Email digital certificates
www.purdue.edu/securepurdue

Make sure you have the following information:









Serial Number
MAC Address (if Wi-Fi capable)
IMEI for GSM
If stolen, report it to the local law enforcement
Call your cellular provider and report the loss
At Purdue, report the loss to abuse@purdue.edu and provide the
MAC address
Add your PDA's information to the "Stolen Computer Registry" www.stolencomputers.org
Disable, lock, track, or erase it remotely
Change your passwords
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue
www.purdue.edu/securepurdue