Sunday 6 November 2011

Cell phone security

Cell phones and PDAs have fused. Take the Nokia N810 as an example: it has a full keyboard, a high-resolution (800 x 480 pixel, 64K colors) screen, and a 400-MHz processor running Linux. It includes applications for e-mail, calendar, music, Web browsing, maps, and image handling. Its networking capabilities include IEEE 802.11b/g, Bluetooth, and USB connectivity.
According to PC World, researchers at the Georgia Tech Information Security Center warned in October 2008 that “As Internet telephony and mobile computing handle more and more data, they will become more frequent targets of cyber crime.”
Computer scientists Wayne Jansen and Karen Scarfone of the Computer Security Division of the Information Technology Laboratory at the National Institute of Standards and Technology (NIST) have written a new (October 2008) Special Publication entitled “Guidelines on Cell Phone and PDA Security” (NIST SP800-124), which summarizes the security issues and provides recommendations for protecting sensitive information carried on these devices.
The Executive Summary presents a succinct overview including a list of vulnerabilities leading to risks for corporate security from cell phones and PDAs:
• The devices are easily lost or stolen and few have effective access controls or encryption;
• They’re susceptible to infection by malware;
• They can receive spam;
• Wireless communications can be intercepted, remote activation of microphones can eavesdrop on meetings, and spyware can channel confidential information out of the organization;
• Location-tracking systems allow for inference;
• E-mail kept on servers as a convenience for cell-phone/PDA users may be exposed by vulnerabilities in those servers.
The key recommendations, which are discussed at length in this 51-page document, include the following (quoting from the list on page ES-2 through ES-4):
1. Organizations should plan and address the security aspects of organization-issued cell phones and PDAs.
2. Organizations should employ appropriate security management practices and controls over handheld devices.
a. Organization-wide security policy for mobile handheld devices
b. Risk assessment and management
c. Security awareness and training
d. Configuration control and management
e. Certification and accreditation.
3. Organizations should ensure that handheld devices are deployed, configured, and managed to meet the organizations’ security requirements and objectives.
a. Apply available critical patches and upgrades to the operating system
b. Eliminate or disable unnecessary services and applications
c. Install and configure additional applications that are needed
d. Configure user authentication and access controls
e. Configure resource controls
f. Install and configure additional security controls that are required, including content encryption, remote content erasure, firewall, antivirus, intrusion detection, antispam, and virtual private network (VPN) software
g. Perform security testing.
4. Organizations should ensure an ongoing process of maintaining the security of handheld devices throughout their lifecycle.
a. Instruct users about procedures to follow and precautions to take, including the following items:
• Maintaining physical control of the device
• Reducing exposure of sensitive data
• Backing up data frequently
• Employing user authentication, content encryption, and other available security facilities
• Enabling non-cellular wireless interfaces only when needed
• Recognizing and avoiding actions that are questionable
• Reporting and deactivating compromised devices
• Minimizing functionality
• Employing additional software to prevent and detect attacks. Enable, obtain, and analyze device log files for compliance
b. Establish and follow procedures for recovering from compromise
c. Test and apply critical patches and updates in a timely manner
d. Evaluate device security periodically.
After reading this document, it is clear to me that organizations should consider the benefits of issuing centrally selected and centrally controlled devices to their employees rather than allowing employees to download potentially sensitive information to a wide variety of uncontrolled mobile targets for industrial espionage. NIST SP800-124 will provide a useful framework for discussions and planning of reasonable security programs to prevent serious losses from unsecured cell phones and PDAs. 

Security Phone


By Rituraj Saikia

The "Smart Phone" Security Telephone system from Skandia connects wirelessly to a range of different sensors that monitor the home and let you know about it in the event of a disturbance. An infinite number of sensors can be connected to the phone, including magnetic window and door sensors, passive infrared sensors (PIR) and smoke detectors, with the systems configured to suit the needs of the user. The basic package includes the phone and one PIR sensor, magnetic sensor and remote control. Alarm functions include remote arming, 5-90 seconds delayed entry and exit times, a user-recorded alarm message and a dialling list of five phone numbers (with a maximum of 3 attempts each) to ensure the message gets through in case of an emergency. The phone will even tell you whether it's an intruder, fire, or other type of emergency. A portable pendant necklace or "Panic Alarm" connected to the system is also available to enable elderly, sick or disabled people to call for help if needed. The Smart Phone systems begin at around AUS$595 and the optional pendant costs AUS$99.