NEW ORLEANS (03/27/2000) - Companies were warned last week that corporate information on handhelds could fall into the wrong hands, but wireless LANs remain a bigger concern.
At a conference here on mobile and remote network access sponsored by Stamford, Connecticut-based Gartner Group Inc., analysts scrutinized security issues that handheld users should consider.
The greatest risks surrounding handhelds are that they can be easily lost or stolen. But Gartner analyst Phil Redman said that the wireless devices' best defense is that they are nomadic and not constantly connected to the corporate network. This fact makes it difficult for interlopers working in the area to locate a specific signal and sort individual messages from the stream on a spectrum band.
Alex Robinson at Maple Valley, Washington-based Tranzoa Co., producer of the OnlyMe access control program for Palm Inc.'s Palm devices, said that encrypting data with a pass phrase of a half dozen words makes the data secure, although it's cumbersome to input it on a handheld unit.
Account and password management programs, such as Clifton, New Jersey-based Zetetic Enterprises' Secure Tool for Recalling Important Passwords, use 128-bit Triple Data Encryption Standard to store data such as credit-card numbers, or voice mail access codes. But Robinson noted that encryption programs often require long passwords, and many wireless applications limit the amount of time a user can spend entering this data - ironically, to thwart crackers who may be fishing for passwords.
Another drawback to encrypted data is that users can lose data forever by forgetting a password. Encrypted programs generally expand the data, he said, but the old version of the Palm desktop truncated memos to 4KB. "Encrypted memos were longer than 4K," said Robinson. "Now I have several permanently encrypted memos."
According to Gartner analyst Bob Egan, the security worry is higher when companies use wireless LANs. In theory, a well-equipped corporate spy could position himself near corporate headquarters and tap the stream of wireless data.
While stories about research laboratories conducting strip searches for personal digital assistants or barring scientists from using such devices circulated at the conference, users were encouraged to consider practical defensive techniques.