Hand-Held Devices Easy to Hack

Hand-held computers used to store phone numbers, medical and credit-card information leave millions of gadget lovers fully exposed to identity-theft and other crimes, security experts said on Saturday.
Software is now widely available to allow people to steal passwords and other information from popular Palm-based computers, especially when they connect to other computers to share data, said Bryan Glancey, a manager at wireless security services provider MobileArmor of St. Louis, Missouri.

While millions of people now rely on handy electronic scheduling and address books, few carry sufficient security protections to prevent identity theft if the hand-held is lost or stolen, as is commonplace.

Simple programs exist to uncover even hidden data, Glancey said. Other software allows people to steal data while remaining at some distance from the victims, he added.

"Don't put any secure information on your PocketPC or your Palm," Glancey warned after a speech on the subject at DefCon, the largest annual computer security conference in the world. "They don't have any security features built in," he said.

While mobile computers are vulnerable, they are also powerful enough to be used to launch attacks on other users.

Paul Clip of Internet security consultant AtStake told attendees at one workshop session here how people could use Palm Pilots to test for vulnerabilities in wireless networks.

Clip cited reports of criminals using hand-helds to steal anti-theft car passcodes that are transmitted by infrared radio waves over short distances.

Source: Reuters