CERT mailing list archives

Previous By Date Next
Previous By Thread Next

Cyber Security Tip ST05-017 -- Cybersecurity for Electronic Devices

From: US-CERT Security Tips <security-tips () us-cert gov>
Date: Wed, 29 Sep 2010 15:29:18 -0400

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

                          Cyber Security Tip ST05-017
                     Cybersecurity for Electronic Devices

   When you think about cybersecurity, remember that electronics such as cell
   phones and PDAs may also be vulnerable to attack. Take appropriate
   precautions to limit your risk.

Why does cybersecurity extend beyond computers?

   Actually, the issue is not that cybersecurity extends beyond computers; it
   is that computers extend beyond traditional laptops and desktops. Many
   electronic devices are computers—from cell phones and PDAs to video games
   and car navigation systems. While computers provide increased features and
   functionality, they also introduce new risks. Attackers may be able to take
   advantage of these technological advancements to target devices previously
   considered "safe." For example, an attacker may be able to infect your cell
   phone with a virus, steal your phone or wireless service, or access the data
   on  your  PDA. Not only do these activities have implications for your
   personal information, but they could also have serious consequences if you
   store corporate information on the device.

What types of electronics are vulnerable?

   Any  piece of electronic equipment that uses some kind of computerized
   component is vulnerable to software imperfections and vulnerabilities. The
   risks increase if the device is connected to the internet or a network that
   an attacker may be able to access. Remember that a wireless connection also
   introduces  these  risks  (see  Securing  Wireless  Networks  for more
   information). The outside connection provides a way for an attacker to send
   information to or extract information from your device.

How can you protect yourself?

     * Remember physical security - Having physical access to a device makes it
       easier for an attacker to extract or corrupt information. Do not leave
       your  device  unattended in public or easily accessible areas (see
       Protecting Portable Devices: Physical Security for more information).
     * Keep  software up to date - If the vendor releases updates for the
       software  operating your device, install them as soon as possible.
       Installing them will prevent attackers from being able to take advantage
       of known problems or vulnerabilities (see Understanding Patches for more
       information).
     * Use good passwords - Choose devices that allow you to protect your
       information with passwords. Select passwords that will be difficult for
       thieves to guess, and use different passwords for different programs and
       devices (see Choosing and Protecting Passwords for more information). Do
       not choose options that allow your computer to remember your passwords.
     * Disable remote connectivity - Some PDAs and phones are equipped with
       wireless technologies, such as Bluetooth, that can be used to connect to
       other devices or computers. You should disable these features when they
       are  not  in  use (see Understanding Bluetooth Technology for more
       information).
     * Encrypt files - If you are storing personal or corporate information,
       see if your device offers the option to encrypt the files. By encrypting
       files, you ensure that unauthorized people can't view data even if they
       can physically access it. When you use encryption, it is important to
       remember your passwords and passphrases; if you forget or lose them, you
       may lose your data.
     _________________________________________________________________

     Authors: Mindi McDowell, Matt Lytle
     _________________________________________________________________

     Produced 2005 by US-CERT, a government organization. Terms of use
     US-CERT

     Note: This tip was previously published and is being
     re-distributed to increase awareness.

     Terms of use

     http://www.us-cert.gov/legal.html

     This document can also be found at

     http://www.us-cert.gov/cas/tips/ST05-017.html

     For instructions on subscribing to or unsubscribing from this mailing
     list, visit http://www.us-cert.gov/cas/signup.html.




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iQEVAwUBTKORlj6pPKYJORa3AQKqcAf/dT2pq4baoxuiWwgThQPJSvy/Vm2CJ7vs
W0d/xOblF0zJfwxUkD3Kv8JFlpCsPKuetO8EEPkCd3SdPaAFVwZT4ijFY3UAxuc2
V9b63a14mB7k4qph52fprhoI3VQ06YwfCJLgx3divpkmdhkNR6TR1+MJUXuZbVHP
K+qNFuuD47qNzWuZHkoAxQ62dRKmWkYm9voKMZl11N/KTiFam6DiT3ehNCx8C/ah
6n2LCOkMuAC5bIZEHCh2rXM/ENgHO+KrUa5dHzb1/xyG9zSLB8kvk8iRGmnNYoMR
OTLU9Bc1fpFK+Y+K5GondMNBjPJEU1JsGFAVY46nIf9YqX8YC9zp3g==
=Kf9A
-----END PGP SIGNATURE-----
Previous By Date Next
Previous By Thread Next

Current thread: