The danger of PDAs
by Oxygen3 - Monday, 04 November 2002.
PDAs (personal digital assistants), pocket-sized diaries that are becoming increasingly more powerful, can represent a serious threat to corporate security.

As PDAs become smaller and their capabilities increase, these devices are becoming more popular in corporate environments, especially among managerial staff. This, combined with the ease with which data can be transmitted from a computer to these devices, means that the amount of sensitive information stored on them has also increased significantly. And as PDAs are now smaller than ever, the risk of them (and therefore critical data) being lost or stolen is now greater than ever.

Sometimes the information they store may not be very important, as they could just contain a few games or the like, but in most cases, the information stored is highly sensitive. PDAs are often used to store credit card numbers, computer passwords, mail account data and even confidential financial or commercial information. For this reason, a PDA in the hands of a malicious user could become a key to the corporate network.

Another important factor is the use of PDAs by malicious users as attack tools. As the PDA can be converted into just another computer with network access, an attacker could add the software needed to carry out attacks and at the same time, would also have the space needed to save the information obtained. An attacker could then access a whole network in a matter of minutes and obtain vast amounts of data without anyone realizing.


Pen-testing drone searches for unsecured devices

You're sitting in an office, and you send a print job to the main office printer. You see or hear a drone flying outside your window. Next thing you know, the printer buzzes to life and, after spitting out your print job, it continues to work and presents you with more filled pages than you expected.

Weekly newsletter

Reading our newsletter every Monday will keep you up-to-date with security news.

Daily digest

Receive a daily digest of the latest security news.

Fri, Oct 9th