Recommendations

As with any other ingress or egress point on PDAs, wireless technologies create a new vector for possible infection through such means as application transfer or the transmission of intentionally faulty data packets. The design of properly secured wireless networks is beyond the scope of this paper, but it should be noted that if the portable devices are not sufficiently protected, they become a weak link in the transaction process. Consideration should particularly be placed on the storage of secret components (e.g., encryption keys), user authentication, and data transfer mechanisms.

Care should be taken when running server applications on a portable device, particularly when using RF technology (which has a wide operating range). These applications allow other devices to connect inbound to the server device thereby increasing the potential for malicious code to be transferred or for other malicious action (e.g., theft of data) to take place.

Global system functionality that would always prompt for user input and display the applications requested for data reception or transmission would diminish wireless infection. The addition of logging mechanisms for post-mortem analysis would also assist. As these are two suggestions that require vendor intervention, it behooves the user of the device to be cognizant of their surroundings and assess the threat before accepting beamed information from unknown people.