Description
Describe different types of handheld devices, including BlackBerrys, PDAs, and iPods and identify ways an attacker can hack into handheld devices. Include at least two examples in your answer.
Explanation & Answer
Short for personal digital assistant, a handheld device that combines computing, telephone/fax, Internet and networking features. A typical PDA can function as a cellular phone, fax sender, Web browser and personal organizer. PDAs may also be referred to as a palmtop, hand-held computer or pocket computer.
BlackBerry is a line of wireless handheld devices (commonly called smartphones) and services designed and marketed by BlackBerry Limited, formerly known as Research In Motion Limited (RIM)
The iPod is a line of portable media players and multi-purpose pocket computers designed and marketed by Apple Inc. The first line was released on October 23, 2001, about 81⁄2 months after iTunes
(Macintosh version) was released. The most recent iPod redesigns were
announced on September 12, 2012. There are three current versions of the
iPod: the ultra-compact iPod Shuffle, the compact iPod Nano and the touchscreen iPod Touch.
Giving Your Phone the Blues
Bluetooth is a wonderful technology. It allows you to connect to headsets, sync up with cars or computers, and much more. However, Bluetooth is also one of the main security gaps by which hackers can get at your phone. There are three basic types of Bluetooth-based attacks:- Bluejacking
Bluejacking is a relatively harmless attack in which a hacker sends unsolicited messages to discoverable devices within the area. The attack is carried out by exploiting Bluetooth's electronic business card feature as a message carrier. The hacker cannot access any information or intercept messages. You can protect yourself from these unsolicited spam messages by putting your phone into "invisible," or "non-discoverable", mode. - Bluesnarfing
Bluesnarfing is much worse than bluejacking because it allows a hacker to get at some of your private info. In this type of attack, a hacker uses special software to request information from a device via the Bluetooth OBEX push profile. This attack can be carried out against devices in invisible mode, but this is less likely due to the time needed to figure out the device's name through guessing. - Bluebugging
When your phone is in discoverable mode, a hacker can use the same entry point as bluejacking and bluesnarfing to try and take over your phone. Most phones are not vulnerable to bluebugging, but some early models with outdated firmware could be hacked this way. The electronic business card transfer process can be used to add the hacker's device as a trusted device without the user’s knowledge. This trusted status can then be used to take control of the phone and the data within.
Bluetooth: Far From High-Risk
Despite the fact that Bluetooth is an entry point for some hackers, it is not a very serious security flaw. Updates to the phone's firmware and new security measures have made carrying out these attacks very difficult for hackers. Most hacking requires expensive software and hardware, making it unlikely that the average person’s device will be the target of an attack. (Learn about Bluetooth 4.0 in From Bluetooth to New Tooth: A Look At Bluetooth 4.0.)Hands-On Hacks
While remote hacking poses a relatively remote risk, hackers can do a lot of if they get their hands on your phone. For one, they can manually set up a back door that will allow them to bluebug your device. Or, if they’ve had some time with the phone and have prepared ahead of time, they can attempt to clone your phone card and use your account on another phone – although this hasn’t really been proved to work and would require the phone's owner to be very gullible. So, while leaving your phone unattended is never a good idea, chances are that it will be stolen rather than hacked.Old Dogs Learn New Tricks
Some of the most obvious cell phone security threats are the ones that have been adapted from computer hacking. Of these, two stand out as real problems for cell phones:- Phishing
Phishing may be actually more effective on a mobile Internet browser because the smaller address bar makes it less likely that a user will carefully check the address before entering information. The best way to protect yourself from phishing is to enter important addresses – those for sites where you will be entering private information – from scratch. - Malware Apps
Just as malware downloaded from the Internet can crack open your computer, malware apps can leave your phone exposed. The major app stores usually try to prevent malware apps from getting spread through their platforms, but malware apps do get through and can even be distributed through Web pages as a download. Common sense is a fair barrier against malware. Right now, the true extent of malware app penetration is unknown and may be exaggerated. (To learn more, check out The 5 Scariest Threats In Tech.)