Handheld Device Security

Computer Science
Tutor: None Selected Time limit: 1 Day

Describe different types of handheld devices, including BlackBerrys, PDAs, and iPods and identify ways an attacker can hack into handheld devices. Include at least two examples in your answer.

Apr 29th, 2015

Short for personal digital assistant, a handheld device that combines computing, telephone/fax, Internet and networking features. A typical PDA can function as a cellular phone, fax sender, Web browser and personal organizer. PDAs may also be referred to as a palmtop, hand-held computer or pocket computer.

BlackBerry is a line of wireless handheld devices (commonly called smartphones) and services designed and marketed by BlackBerry Limited, formerly known as Research In Motion Limited (RIM)

The iPod is a line of portable media players and multi-purpose pocket computers designed and marketed by Apple Inc. The first line was released on October 23, 2001, about 812 months after iTunes (Macintosh version) was released. The most recent iPod redesigns were announced on September 12, 2012. There are three current versions of the iPod: the ultra-compact iPod Shuffle, the compact iPod Nano and the touchscreen iPod Touch.

Giving Your Phone the Blues

Bluetooth is a wonderful technology. It allows you to connect to headsets, sync up with cars or computers, and much more. However, Bluetooth is also one of the main security gaps by which hackers can get at your phone. There are three basic types of Bluetooth-based attacks:
  • Bluejacking
    Bluejacking is a relatively harmless attack in which a hacker sends unsolicited messages to discoverable devices within the area. The attack is carried out by exploiting Bluetooth's electronic business card feature as a message carrier. The hacker cannot access any information or intercept messages. You can protect yourself from these unsolicited spam messages by putting your phone into "invisible," or "non-discoverable", mode.

  • Bluesnarfing
    Bluesnarfing is much worse than bluejacking because it allows a hacker to get at some of your private info. In this type of attack, a hacker uses special software to request information from a device via the Bluetooth OBEX push profile. This attack can be carried out against devices in invisible mode, but this is less likely due to the time needed to figure out the device's name through guessing.

  • Bluebugging
    When your phone is in discoverable mode, a hacker can use the same entry point as bluejacking and bluesnarfing to try and take over your phone. Most phones are not vulnerable to bluebugging, but some early models with outdated firmware could be hacked this way. The electronic business card transfer process can be used to add the hacker's device as a trusted device without the user’s knowledge. This trusted status can then be used to take control of the phone and the data within.

Bluetooth: Far From High-Risk

Despite the fact that Bluetooth is an entry point for some hackers, it is not a very serious security flaw. Updates to the phone's firmware and new security measures have made carrying out these attacks very difficult for hackers. Most hacking requires expensive software and hardware, making it unlikely that the average person’s device will be the target of an attack. (Learn about Bluetooth 4.0 in From Bluetooth to New Tooth: A Look At Bluetooth 4.0.)

Hands-On Hacks

While remote hacking poses a relatively remote risk, hackers can do a lot of if they get their hands on your phone. For one, they can manually set up a back door that will allow them to bluebug your device. Or, if they’ve had some time with the phone and have prepared ahead of time, they can attempt to clone your phone card and use your account on another phone – although this hasn’t really been proved to work and would require the phone's owner to be very gullible. So, while leaving your phone unattended is never a good idea, chances are that it will be stolen rather than hacked.

Old Dogs Learn New Tricks

Some of the most obvious cell phone security threats are the ones that have been adapted from computer hacking. Of these, two stand out as real problems for cell phones:
  • Phishing
    Phishing may be actually more effective on a mobile Internet browser because the smaller address bar makes it less likely that a user will carefully check the address before entering information. The best way to protect yourself from phishing is to enter important addresses – those for sites where you will be entering private information – from scratch.

  • Malware Apps
    Just as malware downloaded from the Internet can crack open your computer, malware apps can leave your phone exposed. The major app stores usually try to prevent malware apps from getting spread through their platforms, but malware apps do get through and can even be distributed through Web pages as a download. Common sense is a fair barrier against malware. Right now, the true extent of malware app penetration is unknown and may be exaggerated. (To learn more, check out The 5 Scariest Threats In Tech.)

Low-Tech Hacking

Not all phone hacks involve software, equipment or technical expertise. One of the most common phone hacks is to take advantage the voicemail of a user who hasn't bothered to set a unique PIN. Phone networks often assign a default PIN in these cases, which allows the hacker to access the voicemail using a person’s phone number and a default PIN picked up off the Web. Even if a PIN is set, a hacker can reset your account by learning some key personal details and calling customer service. The best way to protect yourself is to change your PIN regularly and avoid using numbers related to your publicly available info (birthday, anniversary and so on).

The Takeaway

Mobile security is an ongoing concern as users increasingly access personal information from handheld devices. For hackers, the large amount of data stored on smartphones makes them an irresistible target, but regular updates from smartphone manufacturers also make these devices difficult targets. The best way to protect yourself is to be aware of the risks and take the appropriate steps to safeguard your phone, including updating firmware, choosing secure PINs and using extreme caution when transmitting or accessing personal information on a mobile device.

Apr 29th, 2015

Studypool's Notebank makes it easy to buy and sell old notes, study guides, reviews, etc.
Click to visit
The Notebank
Apr 29th, 2015
Apr 29th, 2015
Mar 27th, 2017
Mark as Final Answer
Unmark as Final Answer
Final Answer

Secure Information

Content will be erased after question is completed.

Final Answer