OTTAWA — As more wireless devices edge their way into the daily grind of the business world, users need to be hyperaware of the security threats they pose, an IT conference heard Tuesday.
“”Be very wary of using a cell phone when discussing sensitive information because it could easily be compromised.
Wireless interception is a possibility,”” warned Richard MacLean, one of three panelists who spoke on “”Wireless Technology: Trends, Vulnerabilities and Risk Using Hand-held Devices”” at the Technology and Counter-Terrorism conference.
MacLean is a communications security engineer with the federal government’s Communications Security Establishment, an organization that provides advice on how to protect the government’s electronic information and information infrastructures.
In a bid to ensure the encryption capability of public sector cell phones is up to date, CSE is now testing Global System for Mobile (GSM) phones that are equipped to handle top-secret voice data.
“”Hopefully that technology will be made available to our government clients very shortly,”” said MacLean.
Currently, BlackBerries and other handheld e-mail devices are used en masse in both private and public sectors. Users and recipients of sensitive information should employ private keys that can encrypt the data, said MacLean. Without the use of keys, the information is sent out in clear text format and can easily be poached by someone who taps the transmission of data, he said.
As for security algorithms, there are certain ones that have been approved by CSE and are recommended to government clients when they are buying wireless products, MacLean said.
Among many things users have to be wary of when dealing with handhelds is their ability to store “”an enormous amount of information,”” he added.
“”You have cards that can hold 2GB of information; the Pocket PC can process Word and Excel documents. So if that device is lost or stolen, consider that information compromised unless you install the proper security mechanisms such as passwords and encryption technology.””
MacLean’s advice is to use approved cryptography solutions, use strong passwords and change them frequently, use anti-virus software on PDA and PCs and update it frequently.
Mansell Nelson, vice president and general manager of wireless enterprise solutions at Rogers Wireless, said the public safety aspect of the wireless industry represents a great opportunity for carriers.
Rogers is currently working with law enforcement agencies to move them off private radio networks and onto public networks so intelligence can be shared with their counterparts in other regions, Nelson said.
“”We’ve been working for quite a while now with Sierra Wireless and others (on related initiatives) … and we’ve learned to appreciate the motto that information must be shared in order to be useful.””
The key weakness with wireless networks, however, is the tradeoff between security and access, said Robert Kaelin, senior manager of MTG Management Consultants.
“”The commercial wireless industry has both helped and hindered secure access. By focusing on consumer electronics … the industry has created a number of great products. But this directly conflicts with the efforts to standardize wireless solutions as each corporation has developed their own killer application and killer solution.
“”This creates a conflict between providing the solutions and (fostering) cooperation between companies (to adhere to the same standards),”” Kaelin added.