How Secure Is Your Handheld?

The number one threat to the sensitive data stored on your PDA or smart phone remains physically losing the device, but other threats are looming on the handheld horizon.

"When you send a defective PDA to the manufacturer for tech support, they usually give you a new one and then resell the old one," says John Girard, vice president and research director at Gartner. "Buying dead machines is an ideal method of pursuing identity theft."

What's more, 90 percent of mobile devices lack the protection necessary to ward off hackers, according to a recent strategic planning assumption conducted by Gartner.

"Most devices have IrDA, Bluetooth, and wireless connections, and many of them aren't set up properly. You can just walk around with a connected device of your own and see what you can find," Girard says.

Even if there are security settings activated by default on a device, users will often turn them off if they find them unintuitive to use, he says. "Security needs to be as transparent as possible to users," he says.

Malicious Code

While security researchers have developed "proof of concept" viruses for PDAs and smart phones, nothing has been seen yet "in the wild," says David Perry, global director of education at antivirus developer Trend Micro. "E-mail is easier. It's universal, and PDAs aren't," he says.

Since PDA users can still choose from several operating systems, they face a lower risk that a widespread virus will hit mobile devices.

"As long as it's really easy to do Windows and e-mail, why should people bend themselves out of shape to hit something else?" Perry asks.

But the possibility of always-on wireless connectivity of smart phones and PDAs opens the door to malicious code.

"There was a screen saver being passed around in Europe that would put your phone into a loop and lock it up," Girard says. "And worms on a Web site that you visit with your PDA could switch on Bluetooth. But we don't see viruses or malicious code being a significant threat for mobile devices until the end of 2005."

Protect Your PDA

That doesn't mean you should consider the information on your mobile device completely safe. There are still ways to lose it--and ways to protect yourself from data loss.

"You shouldn't keep things on a PDA that you can't afford to lose. And be vigilant--don't let it get lost or stolen," Girard says.

Also, use the "power-on" password settings in your device, he says. That way, a thief can't even activate your PDA without your password. "And don't store important stuff on peripheral storage where the power-on password might not protect it," he adds.

Third-party applications from vendors such as BlueFire Security, Asynchrony, and others afford additional protections. "BlueFire has a PDA firewall, and you might ask whether you'd need a PDA firewall," Girard says. "But it shuts down Bluetooth, which closes a port where hackers could get in."

Data encryption solutions from some of the same players are also a consideration, so even if the device does fall into the wrong hands, the data will be much harder to abstract.

PDAs are still much safer than desktops or laptops from virus and hacker attacks, but that won't always be the case.

"What you'll find on a PDA today is what you'd find on a laptop five years ago. What you'll find on a PDA five years from now is what you'll find on a laptop today," Girard says. That power and operating system ubiquity will bring a greater potential for harmful intrusions.