Abstract
M.Tech.
Mobile handheld devices are moving from being peripheral devices and are now
fulfilling functionality provided by laptops and desktops. The capability and
functionality of handheld devices have improved. This makes the devices more
prominent within public and private environments, allowing information to be
processed inside and outside of the organisation’s network.
Of all mobile handheld devices, the personal digital assistant (PDA) is seen to be
more robust and powerful, increasing its use and popularity among users. PDAs offer
wireless connectivity like Bluetooth and operate with multiple operating systems, also
allowing them to be considered as a private or organisational enterprise tool.
Bluetooth connectivity allows workers to access information anywhere, including
both personal and corporate information. Software and applications have been
specifically developed for handheld devices such as PDAs, giving users a high level
of usability and functionality.
The purpose of this dissertation is to present an information security evaluation of a
Bluetooth-enabled handheld device, such as a PDA. The use of Bluetooth wireless
technology and functionality provides added benefits, but also brings new information
security threats to an organisation’s information assets.
The research attempts to understand the implications of using a Bluetooth-enabled
handheld device in both public and private environments. Five high-level layers are
defined for this discussion.
Information security risks are evaluated based on current research into vulnerabilities,
attacks and tools that exist to compromise a Bluetooth-enabled handheld device. A
Bluetooth penetration testing methodology is suggested for the identified
vulnerabilities, attacks and tools, where a practical assessment is performed for a
critical analysis of the information security mechanisms implemented by the
Bluetooth-enabled handheld device (PDA). Possible recommendations to mitigate
identified information security risks are also made.
This study motivates the necessity of understanding the risks presented by a mobile
workforce using Bluetooth connectivity in mobile handheld devices which can be
used in both private and public environments.