Chapter 6. Exploiting PDAs
PDAs have been around for years, and they quickly worked their way into the corporate enterprise. Years ago when I worked in IT operations, all the sales people would utilize their Palm Pilots to keep track of their schedules. The Palm Pilots would synchronize with the sales people's email‐program schedule, and they wouldn't do a whole lot beyond that.
These days, PDAs are extremely powerful. They now can hold gigabytes of data, work with MS Office documents, and even connect to wireless networks. PDA technology has even been incorporated into cell phones. Now a cell phone can be a Palm Pilot or a Pocket PC. The technology has really come a long way since the old days.
If you asked any enterprise whether their users utilized PDAs, they would undeniably state that they do. Not many enterprises pay for employees' PDAs, but end users certainly buy them and use them for work‐related activities. In many ways, enterprises consider this a good situation. Their workers get to be more productive by using PDAs and the enterprise doesn't have to pay for them. The problem is that enterprises think they don't have to worry about them either.
If you also asked just about any enterprise what their security strategy is regarding PDAs, chances are you wouldn't get a worthwhile response. There are quite a few reasons for this, but it is unfortunate: PDAs can pose a significant security risk and certainly should not be ignored.
In this chapter I'll cover the gamut of threats ...