Draft security publication looks at cell phones, PDAs

Personal Digital Assistants (PDAs) have exploded in power, performance, and features. They now often boast expanded memory, cameras, Global Positioning System receivers, and the ability to record and store multimedia files and transfer them over wireless networks-in addition to the cell phone system-using WiFi, infrared and Bluetooth communications. They also make phone calls. On 7 July, the National Institute of Standards and Technology (NIST) published for comment draft guidelines on security considerations for cell phones and PDAs. Part of a series of publications on computer security issues, the draft guidelines provide an overview of cell phones and PDA devices in use today and the growing security threats that they face and propose a framework that organizations can use to manage the security risks. “The security issues for cell phones and PDAs range beyond those of other computer equipment,” the NIST authors observe. “Moreover, many common safeguards available for desktop and networked computers are generally not as readily available across a broad spectrum of handheld device types.” The draft document notes that some security enhancements better known in the personal computer world are becoming available for PDAs and smart phones, including stronger user authentication systems based on biometrics, and firewall, antivirus and intrusion detection software.