Skip redundant pieces
Security Information Center
Information Resources  :  Security

Personal Digital Assistants (PDAs) and Smart Phones

Most Personal Digital Assistants (better known as "PDAs") include security features that can be enabled to prevent unauthorized access to the device.   Some of the issues that you should consider when securing your PDA or smart phone are described below. 

1.  Don't leave the PDA unattended.

One of the great things about your PDA is that it's small enough to fit into a pocket. Unfortunately, this also makes it an attractive target for thieves or for someone who simply can't resist playing with a neat-looking gadget.   Be careful not to leave your PDA where someone can grab it.   And never leave it in a car or in luggage that you check at the airport.  Remember, if your PDA is gone, your data is gone too.

Displaying your contact information on your PDA may make it easier for someone to return it to you if it is lost.  Pocket PC has a nice feature that lets you display your owner information when the device is turned on, even if you have activated password protection. (Look under the "Personal" tab for this setting.)  Likewise, if you turn on the password lock-out feature on a Palm PDA, it will display owner information along with the password request. (Look under "Preferences".) You can also put a label or business card on your device; that way even PDA-shy folks can return your device.

 2. Configure password protection.

A very basic way to protect data is to enable a password and auto lock security features on the device. This provides a minimal level of data protection by prompting the user to enter a password to access the device.  We recommend that you configure your PDA to prompt for a password when it is turned on or after it has sat idle\unused for a time period of 15 minutes.  Several steps are required in order to activate the auto lock feature on both Pocket PC and Palm PDAs.   (Click here for detailed steps on configuring passwords on Palm and Windows CE\Mobile devices.)

3. Install antivirus software.

While viruses on PDAs and smart phones are still relatively new, they DO exist and will probably become more prevalent in the future.  Most major antivirus software vendors such as Symantec and McAfee all offer antivirus software for mobile devices at a cost.  While we don't recommend them because of the risk that they are not being updated quickly and consistently, there are also free antivirus products available for download on the Internet.

4. Consider using encryption software to protect your data.

Using encryption to scramble the information on your PDA is a great way to protect the information stored on it. In the event that the PDA is stolen or lost, encryption will prevent someone from accessing the information.

For KUMC Staff and Faculty who are using their PDA or smart phone to store or access sensitive information, use of encryption software is required (according to the University's Mobile Device Security Policy.)   Contact Information Security at 8-3333 to receive standard encryption software free of charge.

Students:  Encryption isn't necessary but it's a good idea to protect your information.  If your PDA doesn't already offer built-in encryption (many of the newer Palm PDAs do), there are many downloadable encryption tools.  For Pocket PCs, examples include PocketLock, which protects and encrypts Pocket PC files for $19.95, and Secubox, which offers transparent data encryption for $39.

For Palm devices, MemoSafe replaces the Palm memo applications with an encrypted one for $7. For $19.95, MaxSecret stores private information on a Palm-based device using PGP encryption.

5. Use wireless appropriately.

Many PDAs are configured to automatically accept any wireless connection request, whether it's from someone you know or not. Turn the auto-connect setting off or set it to prompt you for permission, or sooner or later someone you don't know is going to connect to your PDA.

In addition, when you aren't using your wireless connections, disable the wireless feature so that no unauthorized connections are made to your PDA. This will also help save your battery!

PDA manufacturers differ widely in how these features are implemented.  For more information on disabling wireless or the auto-connect features on your PDA, please refer to your owner's manual.

6. Use Bluetooth and infrared features appropriately.

Bluetooth is a technology that has made wireless connectivity between devices very easy but this ease of connectivity also has some security implications. The most secure configuration is to disable Bluetooth completely.  At a minimum, if you utilize your device's Bluetooth features, you should:
  1. Disable the 'discover' or broadcast mode of your PDAs Bluetooth connection to prevent others from "discovering" your PDA.  If they can't see it, they can't try to hack it.
  2. Require a password from the Bluetooth device prior to pairing with your PDA. These two security changes to your PDA should prevent unauthorized Bluetooth devices from connecting to your corporate PDAs.
Most PDAs also have an infrared port that can be used to synchronize PDAs, or ‘beam’ information from one device to another. The ability to beam information also can make PDA devices susceptible to remotely accepting commands (programming) and opens the door to viruses, hacking or other nefarious connections. When you're not using infrared, disable it to

PDA manufacturers differ widely in how these features are implemented.  For more information on disabling Bluetooth and infrared features on your PDA, please refer to your owner's manual.

7. Configure the PDA to only synchronize with your computer.

Synchronizing your PDA with a PC is a great way to make sure that the information contained on your PDA isn't lost if your battery goes dead.  For maximum security and to prevent a thief from also stealing your data from your PDA, you can configure the device to only synchronize with a designated computer (e.g., your home computer.) 

PDA manufacturers differ widely in how these features are implemented.  For more information on configuring synchronization on your PDA, please refer to your owner's manual.

8. Be careful about the software that you download.

There is a ton of PDA software available for download on the Internet, but all software may not be fairly represented. That game that you just download may just be a clever cover-up for a virus or program that is looking to steal your passwords or data.  As a general rule, stick with brand names and make sure anything that you download is checked with an antivirus program before you install it.