NotSync - Hacking Palms The IR Way

    Hey All,

    Been reading up on Palms and PDAs in general and noticed quite a bit of security issues.

    1. There have been two recorded virii (1. Trojan "Liberty", 2. Virus "Phage")
    2. Kinda like a programmer's/debugger's backdoor to the "lock" mode. Read more at @Stake
    3. Programs readily available for password cracking and decryption (duh)

    4. IR (Infra Red) Hacking!

    This is kinda a continuation from this thread, Palm Hacking, and this one, Palm Security Vulnerabilities (IR Port)

    The answer people didn't believe is: yes, IR hacking can be done.


    Using a program called NotSync

    This program's original intended use was to control what is and isn't HotSync'd between your computer and your PDA, but people have figured out that you can use this utility to send an IR request to another PDA and fool it into believing it's speaking with the source computer and begin to HotSync.

    From HackersPlayground.Org

    "(NotSync) Demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device."
    The source of the program is Ultrasoft.com

    So what to do?!?

    Well, since PDAs HotSync without any authorization required, the best bet is to keep your PDA off in public, and, to be more secure, turn off IR beaming when not using it.

    From SarinMage, from this thread

    ...IR beaming goes one way, you can't get anything back, and the user MUST accept the beam.

    lemmie ask you this... the palm asks you if you want to receive the application after it has been beamed. it ALWAYS asks you.....
    Not totally true, eh?

    PDA technology has gotten a lot better since I was working with palms. The newer palms have FAR better IR technology built... and flaws were bound to show up anyway.... there are bugs in EVERYTHING.

    nice find man, VERY useful to me

    Well, the usefulness of PDAs is currently increasing, and sales reached over 25 million for just last year, in the US!

    "There were 25 million Palm Pilot or PDA devices sold in the US last year .."

    Source: The Register
    So keeping a close eye on new security vulnerabilities is a definite for me and for others on this site. (Not so popular yet, but interest is slowly increasing)

    Especially with companies using them as interoffice tools for data storage, messaging, presentation tools, and so on....

