Mobilized – An Up-Close Look at Working Smarter with Mobile Devices

"I’ve had a number of cases where critical digital artifacts on mobile devices (like Treos) pretty much sealed up the case."

As smartphones, PDAs, and mobile devices of all flavors become more powerful and versatile, more and more of us rely on them heavily in our everyday professional lives. Most of us are also always on the lookout for insight on how others work with mobile solutions, and how to get more out of our mobile experience.

This series of articles will feature a question and answer session with some mobile power users from various walks of life, to learn more about how they view and use mobile devices and mobile applications.

I am thrilled to bits that our first Q&A session is with SecurityMonkey, author of the award-winning blog ‘A Day in the Life of an Information Security Investigator’. Even if you’re not involved in information security, this blog is so well written, and so full of great humor and insight, that if you try it out and read a few Case Files, you’ll be hooked. Think of it as CSI Miami for high-tech crime-fighting – you don’t have to be an information security pro, or a homicide investigator, to be gripped by the stories and the ingenius methods used to solve cases.

Read on for our first Mobilized Q&A:

Q: As anyone who has read your excellent blog will know, your line of work seems to keep you on the move and on the road quite a bit. I imagine that mobile technology is pretty critical for you – which are your most essential mobile devices?

This is a pretty easy question to answer for me. I travel with four devices:

1) Treo 650 – The true ‘all in one’ device. After installing a 1G memory card I have room for plenty of pictures, video, applications, notes, etc. The reception is excellent, and for someone like me who would die without SMS, the keyboard is a dream to use. I really didn’t care for the keyboard on the 600, so the 650 was a welcome improvement. I sync this device via bluetooth with my MacBook PRO using a software package called ‘Missing Sync’. It works every time!
I really love the battery life of my Treo – I usually get at least two days out of a charge with normal use.

2) MacBook PRO – I used a G4 Powerbook for years and loved it. The MacBook PRO is everything I’ve ever wanted in a notebook: Duo-core 2Ghz processor, 256MB VRAM, 2GB RAM, 100GB 7200RPM hard drive, built-in iSight camera for video conferencing, DVD Superdrive, the best keyboard I’ve ever used, and a gorgeous 1440×900 screen. Combine this device with software like ‘Parallels’, and I can run Windows, Linux, Solaris, etc. in a window using virtualization technology.
There is no better notebook on the market, period.

3) iPod – I’ve had a very simple 20GB iPod for a number of years now.
It has excellent battery life, and sounds great with my Sony earbuds.
I spend a lot of time in airports, and the iPod lets me relax while I check on how late my flight is (and they are ALWAYS late).

4) Sony digital camera: Sony Cyber-Shot DSC-V3. I fell in love with the picture quality. Great for taking high-quality pictures of computer screens, work areas, and other types of surveillence work.

Q: You mention your Treo 650 in the blog and podcasts – what are some of the ways you put the Treo to work on a typical day (though I guess there’s no such thing in your field)?

There’s pretty much never a typical day. I’m usually on the phone, using it as a speakerphone/conference call device/mobile access device. I use SMS more than anything else, and the nifty keyboard makes it a snap. Occasionally I’ll use it for pictures or video if my Sony camera isn’t handy. I’m a big fan of TealLock for keeping the contents of my Treo secure and encrypted.

Q Any favorite applications for it?

TealLock, TuSSH (great ssh client), SplashID (personal information vault – yeah, I’m that paranoid), Resco Explorer (the swiss army knife!), Note Studio (for all your note taking needs – and I take a LOT of notes).

Q I think the Treo recently made it on to an episode of ’24′. Have you got any Jack Bauer / James Bond type stories of Treo usage?

I missed that episode. I’ve had a number of cases where critical digital artifacts on mobile devices (like Treos) pretty much sealed up the case.

Example: CEO is a big Treo user. CEO insists on having a device that only he can access. IT department puts encryption software on the Treo, but of course they leave an emergency backdoor because the CEO was known for blowing up his mobile devices five minutes before a
critical meeting. Fast-forward a few months, and CEO is under
investigation for securities fraud and insider trading. IT was told shortly before the CEO was put on paid administrative leave, so they remotely locked his Treo. When the CEO approached IT about the locked Treo, they confiscated it. Fast forward a few weeks and CEO is part of a huge investigation. LAWYER submits a discovery request for the contents of CEO’s Treo. With my assistance, we pulled off several key digital artifacts (e-mail, notes, lots of SMS conversations and some R-rated photos of his girlfriend, who worked for a certain broker to
boot) and the case was prosecuted to success.

Q Which other smartphone / handheld devices have you owned in the past?

I’ve used various WinCE-based devices, and they just weren’t reliable.
My Treo has rebooted a few times here and there, but it has drastically better ‘uptime’ than the WinCE devices.

Q I’ve occasionally seen articles on pen-testing tools for Palm / Windows Mobile PDAs, and have even tried a couple of port-scanning apps, but found them ridiculously slow on a handlheld. Are there any tools specific to the information security trade that run well on a handheld?

I have come to the same conclusion, they are too slow. However! They do work wonderfully for testing 802.11 and bluetooth connections.
It’s amazing that so many people leave their smartphones in ‘discoverable’ mode.

Q Any plans to look at the Treo 700w running Windows Mobile? Or are you looking forward to the next Linux-based version of the Palm OS?

I’m holding out for a linux-based Palm device. That would rock my world!

Q: Securing mobile devices – from smartphones to laptops – seems to be an area that is (deservedly) getting more and more attention – do you have any good security principles that you apply with your own mobile equipment, or any best practice tips you offer to clients on this subject?

It’s really the same advice that I give to computer users. Turn off everything that you don’t need or use (wifi, bluetooth, etc). Always use encryption software for critical data, or use something like TealLock that will lock the device and wipe it clean if someone tries to ‘brute force’ your passcode.
Be aware of where your mobile devices are. I can’t tell you how many mobile devices that cab drivers walk away with every year…

Q What are some of your favorite non-work uses for the Treo? Any favorite ‘play-time’ apps?

Texas hold’em. I can play poker for hours. It helps keep the mind sharp, too.

Be Sociable, Share!

•