December 19th, 2002 05:21 PM
Securing your PDA
While I know that most users to this site don't have much of an interest to Palms or PDAs, I figured I'd put a tutorial about how to secure your device for those who are interested and for future users for when PDAs become more common.
"OMG! I forgot my Palm on the bus!" or "MF, my Casio's been stolen!" is something that's becoming familiar in today's world. And while most people don't worry much about it, those who do lose their devices have concerns for more then just monetary reasons. People keep sensitive information on these devices, hell, some peoples lives are on these devices!
So while monetary loss is unstopable (actually, not completely true, see below), securing your data from prying eyes can be. Why suffer two losses when you can stop one?
*Note: If you have lost your device, leave your contact information on the lockout screen or place a business card inside the case. Hopefully a good semeritan will return it. (Helps if you say there's a reward if found )
So how to secure these devices from physical access?
The first no brainer is to ensure to never leave your device unattended/out of sight. But, obviously, with the busy lives people live, these little things aren't so hard to forget about/lose/have stolen.
So now what? Well, something that's practical to do is to lock out the screen and ensure that the person in possession cannot obtain access to your data. Instead of just shutting off the device, lock the screen too so that a password is required. (Kinda like boot password) Now, this sounds good in practice, but some devices have flaws to this, which leave backdoors (check out @Stake about the PalmOS 3.5.x) So what to do? Well for this problem, you can download a "fix" for it. (Downlaod Shortfix) You can also download a program that resides on your PDA and does the same function. Check out Easylock, OnlyMe, PDAlock, TealLock or other screen locking programs.
So what next? Something that's always practical, passwords. While I know that many believe this is a common thing, PDA security is still not quite up to par for protection of the determined (like most thing, but, a little easier). Since most PDA passwords protect everything (which means a guessed password unlocks everything) it's best to use seperate programs for seperate reasons. Use programs that require passwords like Secret (An encrypted Memo pad), PDA Safe ID, FileSafe, or other applications
What if you're really paranoid? There's always encryption!
You can sellect your database file and encrypt it after use and decrypt it when using it. Several tool are available, such as; PDASecure & CryptoPad
All these steps will helps ensure that your sensitive information remains unseen by prying eyes. Now, this won't get your PDA back, but at least your secrets are safe. Just remember to hotsync before you leave the house to keep your data up-to-date.
Other Random Timbits
From the tread IR Hacking
How? Using a program called NotSync. This program's original intended use was to control what is and isn't HotSync't between your computer and your PDA, but people have figured out that you can use this utility to send an IR request to another PDA and fool it into believing it's speaking with the Source computer and begin to HotSync
"(NotSync) Demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device."
Well since PDA's hotsync without any autorization required, the best bet is to keep your PDA off in public, and, to be more secure, turn off beaming IR when not using it.
There are viruses out there.
Phage.936 is the first recorded virus (Source) & Liberty is the first Trojan recorded (Source) for the PDA handhelds. So it's not a bad idea to download a virus checker for your PDA. Both Symantic and McAfee have beta versions, as well as PC-Cillin
Remember I mentioned about monetary loss? Well it's not totally unavoidable. You can get insurance coverage for your PDA. Check out PDALostOrStolen.com (Prices range from $4 to $10 per month with $7.12 setup charge, and a $35-50 deductible) or other insurance sites/companies....
If you have anything to add/modify or if there are mistakes, please let me know....
December 19th, 2002 08:18 PM
Nice tutorial. I use a palm all the time, but haven't really ran into security problems.
I keep it on my person at all times except for when I am at home.
One thing that happens to me a lot is... I'll play around with the "hacks" for the palm and everything will be working just fine... then all or a sudden, my flash has been erased.
Dunno if that was a virus or not, but I can do without the hacks if that is going to keep happening. Good thing that Palm automatically backs itself up and I sync on more than one PC!
is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.
December 20th, 2002 12:55 AM
Yes, I agree that the Palm OS is "burnt" on a chip and that it actually is more of a firmware then an OS (in a sense)
The hacks like hackmaster are good for certain things, but, like you said, the coding still seems to be unstable......