Cyber Security Tip ST05-017
Cybersecurity for Electronic Devices
When you think about cybersecurity, remember that electronics such as
cell phones and PDAs may also be vulnerable to attack. Take
appropriate precautions to limit your risk.
Why does cybersecurity extend beyond computers?
Actually, the issue is not that cybersecurity extends beyond
computers; it is that computers extend beyond traditional laptops and
desktops. Many electronic devices are computers--from cell phones and
PDAs to video games and car navigation systems. While computers
provide increased features and functionality, they also introduce new
risks. Attackers may be able to take advantage of these technological
advancements to target devices previously considered "safe." For
example, an attacker may be able to infect your cell phone with a
virus, steal your phone or wireless service, or access the data on
your PDA. Not only do these activities have implications for your
personal information, but they could also have serious consequences if
you store corporate information on the device.
What types of electronics are vulnerable?
Any piece of electronic equipment that uses some kind of computerized
component is vulnerable to software imperfections and vulnerabilities.
The risks increase if the device is connected to the internet or a
network that an attacker may be able to access. Remember that a
wireless connection also introduces these risks (see Securing Wireless
Networks for more information). The outside connection provides a way
for an attacker to send information to or extract information from
your device.
How can you protect yourself?
* Remember physical security - Having physical access to a device
makes it easier for an attacker to extract or corrupt information.
Do not leave your device unattended in public or easily accessible
areas (see Protecting Portable Devices: Physical Security for more
information).
* Keep software up to date - If the vendor releases patches for the
software operating your device, install them as soon as possible.
These patches may be called firmware updates. Installing them will
prevent attackers from being able to take advantage of known
problems or vulnerabilities (see Understanding Patches for more
information).
* Use good passwords - Choose devices that allow you to protect your
information with passwords. Select passwords that will be
difficult for thieves to guess, and use different passwords for
different programs and devices (see Choosing and Protecting
Passwords for more information). Do not choose options that allow
your computer to remember your passwords.
* Disable remote connectivity - Some PDAs and phones are equipped
with wireless technologies, such as Bluetooth, that can be used to
connect to other devices or computers. You should disable these
features when they are not in use (see Understanding Bluetooth
Technology for more information).
* Encrypt files - Although most devices do not offer you an option
to encrypt files, you may have encryption software on your PDA. If
you are storing personal or corporate information, see if you have
the option to encrypt the files. By encrypting files, you ensure
that unauthorized people can't view data even if they can
physically access it. When you use encryption, it is important to
remember your passwords and passphrases; if you forget or lose
them, you may lose your data.
_________________________________________________________________
Authors: Mindi McDowell, Matt Lytle
_________________________________________________________________
Produced 2005 by US-CERT, a government organization.
Note: This tip was previously published and is being re-distributed
to increase awareness.
Terms of use
<
http://www.us-cert.gov/legal.html>
This document can also be found at
<
http://www.us-cert.gov/cas/tips/ST05-017.html>
