Cyber Security Institute

§ Current Worries

Top 3 Worries

  • Regulations
  • Old Firewall Configurations
  • Security Awareness

§ Listening

For the best information

  • The underground
  • Audible
  • Executive Excellence
  • Music (to keep me sane)

§ Watching

For early warnings

  • 150 Security Websites
  • AP Newsfeeds
  • Vendors

Thursday, August 17, 2006

Defending Cell Phones and PDAs Against Attack

As cell phones and PDAs become more technologically advanced, attackers are finding new ways to target victims.  By using text messaging or email, an attacker could lure you to a malicious site or convince you to install malicious code on your portable device.  Some cell phones and PDAs also offer the ability to connect to the internet.  Although these are features that you might find useful and convenient, attackers may try to take advantage of them.

These messages, supposedly from a legitimate company, may try to convince you to visit a malicious site by claiming that there is a problem with your account or stating that you have been subscribed to a service.

Not only does this hide the real attacker’s identity, it allows the attacker to increase the number of targets (see Understanding Denial-of-Service Attacks for more information).

Trying to gain access to account information - In some areas, cell phones are becoming capable of performing certain transactions (from paying for parking or groceries to conducting larger financial transactions).  An attacker who can gain access to a phone that is used for these types of transactions may be able to discover your account information and use or sell it.

Follow general guidelines for protecting portable devices
- Take precautions to secure your cell phone and PDA the same way you should secure your computer (see Cybersecurity for Electronic Devices and Protecting Portable Devices: Data Security for more information).

- Be careful about posting your cell phone number and email address - Attackers often use software that browses web sites for email addresses.  These addresses then become targets for attacks and spam (see Reducing Spam for more information).  By limiting the number of people who have access to your information, you limit your risk of becoming a victim.

Messages from unknown person = While the links may appear to be legitimate, they may actually direct you to a malicious web site.

Be wary of downloadable software - There are many sites that offer games and other software you can download onto your cell phone or PDA.

Disable Bluetooth when you are not using it to avoid unauthorized access (see Understanding Bluetooth Technology for more information).

http://www.us-cert.gov/cas/tips/ST06-007.html

Posted on 08/17
AdvicePermalink