December 11th, 2002, 12:15 PM
NotSync - Hacking Palms The IR Way
Been reading up on Palms and PDAs in general and noticed quite a bit of security issues.
1. There has been two recorded virii (1.Trojan "Liberty", 2. Virus "Phage")
2. Kinda like a programmers/debuggers backdoor to the "lock" mode. Read more at @Stake
3. Programs Readily available for password cracking and decryptions (duh )
4. IR (Infra Red) Hacking!
This is kinda a continuation from this tread Palm Hacking and this one Palm Security Vulnerabilities (IR Port)
The answer people didn't believe is, Yes IR Hacking can be done.
Using a program called NotSync
This program's original intended use was to control what is and isn't HotSync't between your computer and your PDA, but people have figured out that you can use this utility to send an IR request to another PDA and fool it into believing it's speaking with the Source computer and begin to HotSync
The source of the program is Ultrasoft.com
"(NotSync) Demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device."
So what to do?!?
Well since PDA's hotsync without any autorization required, the best bet is to keep your PDA off in public, and, to be more secure, turn off beaming IR when not using it.
Not totally true, eh?
From SarinMage from this tread
...IR beaming goes one way, you cant get anything back, and the user MUST accept the beam.
lemmie ask you this... the palm asks you if you want to recieve the application after it has been beamed. it ALWAYS asks you.....
December 12th, 2002, 05:56 AM
PDA technology has gotton a lot better since i was working with palms. The newer palms have FAR better IR technology built... and flaws were bound to show up anyway.... there are bugs in EVERYTHING.
nice find man, VERY usefull to me
December 12th, 2002, 01:49 PM
Well, Since the usefulness of PDA's are currently increasing and sales reaching over 25 million for just last year, in the US!
So keeping a close eye on new security vulnerabilities is a definite for me and for others on this site. (Not so popular yet, but interest is slowly increasing)
"There were 25 million Palm Pilot or PDA devices sold in the US last year .."
Source The Register
Especially with companies using them as interoffice tools for data storage, messaging, presentation tools, and so on....