As cell phones and PDAs become more technologically advanced,attackers 
are finding new ways to target victims. By using text messaging or email, 
an attacker could lure you to a malicious site or convince you to install 
malicious code on your portable device.

The United States Computer Emergency Readiness Team (US-CERT) has published a set of security tips for handhelds on Defending Cell Phones and PDAs Against Attack.

It describes some risks and how to protect yorself, mostly all common sense, but good to document. The following is an excerpt from the handheld security tips:

  • Follow general guidelines for protecting portable devices
    Take precautions to secure your cell phone and PDA the same way you
    should secure your computer (see Cybersecurity for
    Electronic Devices     and Protecting
    Portable Devices: Data Security     for more information).

  • Be careful about posting your cell phone number and email
    address     – Attackers often use software that browses web sites for
    email addresses. These addresses then become targets for attacks and
    spam (see Reducing Spam
    for more information). Cell phone numbers can be collected
    automatically, too. By limiting the number of people who have access
    to your information, you limit your risk of becoming a
    victim.

  • Do not follow links sent in email or text messages – Be
    suspicious of URLs sent in unsolicited email or text messages. While
    the links may appear to be legitimate, they may actually direct you to
    a malicious web site.

  • Be wary of downloadable software – There are many sites
    that offer games and other software you can download onto your cell
    phone or PDA. This software could include malicious code. Avoid
    downloading files from sites that you do not trust. If you are getting
    the files from a supposedly secure site, look for a web site
    certificate (see Understanding Web
    Site Certificates     for more information). If you do download a file
    from a web site, consider saving it to your desktop and manually
    scanning it for viruses before opening it.

  • Evaluate your security settings – Make sure that you
    take advantage of the security features offered on your
    device. Attackers may take advantage of Bluetooth connections to
    access or download information on your device. Disable Bluetooth when
    you are not using it to avoid unauthorized access (see Understanding
    Bluetooth Technology     for more information).

ceo