Securing your PDA

[tyger_claw]

Hey All,

While I know that most users to this site don't have much of an interest to Palms or PDAs, I figured I'd put a tutorial about how to secure your device for those who are interested and for future users for when PDAs become more common.



Physical Security

"OMG! I forgot my Palm on the bus!" or "MF, my Casio's been stolen!" is something that's becoming familiar in today's world. And while most people don't worry much about it, those who do lose their devices have concerns for more then just monetary reasons. People keep sensitive information on these devices, hell, some peoples lives are on these devices!

So while monetary loss is unstopable (actually, not completely true, see below), securing your data from prying eyes can be. Why suffer two losses when you can stop one?

*Note: If you have lost your device, leave your contact information on the lockout screen or place a business card inside the case. Hopefully a good semeritan will return it. (Helps if you say there's a reward if found )

So how to secure these devices from physical access?

The first no brainer is to ensure to never leave your device unattended/out of sight. But, obviously, with the busy lives people live, these little things aren't so hard to forget about/lose/have stolen.

So now what? Well, something that's practical to do is to lock out the screen and ensure that the person in possession cannot obtain access to your data. Instead of just shutting off the device, lock the screen too so that a password is required. (Kinda like boot password) Now, this sounds good in practice, but some devices have flaws to this, which leave backdoors (check out @Stake about the PalmOS 3.5.x) So what to do? Well for this problem, you can download a "fix" for it. (Downlaod Shortfix) You can also download a program that resides on your PDA and does the same function. Check out Easylock, OnlyMe, PDAlock, TealLock or other screen locking programs.

So what next? Something that's always practical, passwords. While I know that many believe this is a common thing, PDA security is still not quite up to par for protection of the determined (like most thing, but, a little easier). Since most PDA passwords protect everything (which means a guessed password unlocks everything) it's best to use seperate programs for seperate reasons. Use programs that require passwords like Secret (An encrypted Memo pad), PDA Safe ID, FileSafe, or other applications

What if you're really paranoid? There's always encryption!
You can sellect your database file and encrypt it after use and decrypt it when using it. Several tool are available, such as; PDASecure & CryptoPad

All these steps will helps ensure that your sensitive information remains unseen by prying eyes. Now, this won't get your PDA back, but at least your secrets are safe. Just remember to hotsync before you leave the house to keep your data up-to-date.


Other Random Timbits

Password Theft

From the tread IR Hacking

How? Using a program called NotSync. This program's original intended use was to control what is and isn't HotSync't between your computer and your PDA, but people have figured out that you can use this utility to send an IR request to another PDA and fool it into believing it's speaking with the Source computer and begin to HotSync

From HackersPlayground.Org
"(NotSync) Demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device."

Well since PDA's hotsync without any autorization required, the best bet is to keep your PDA off in public, and, to be more secure, turn off beaming IR when not using it.

Viruses

There are viruses out there.
Phage.936 is the first recorded virus (Source) & Liberty is the first Trojan recorded (Source) for the PDA handhelds. So it's not a bad idea to download a virus checker for your PDA. Both Symantic and McAfee have beta versions, as well as PC-Cillin

Monetary Loss

Remember I mentioned about monetary loss? Well it's not totally unavoidable. You can get insurance coverage for your PDA. Check out PDALostOrStolen.com (Prices range from $4 to $10 per month with $7.12 setup charge, and a $35-50 deductible) or other insurance sites/companies....

Links
------
http://www.trustdigital.com
http://www.pointinception.com
http://www.palmtracker.com/
http://www.palmgear.com/
http://www.handango.com/




If you have anything to add/modify or if there are mistakes, please let me know....

[phishphreek]

Nice tutorial. I use a palm all the time, but haven't really ran into security problems.

I keep it on my person at all times except for when I am at home.

One thing that happens to me a lot is... I'll play around with the "hacks" for the palm and everything will be working just fine... then all or a sudden, my flash has been erased.

Dunno if that was a virus or not, but I can do without the hacks if that is going to keep happening. Good thing that Palm automatically backs itself up and I sync on more than one PC!

[tyger_claw]

Yes, I agree that the Palm OS is "burnt" on a chip and that it actually is more of a firmware then an OS (in a sense)

The hacks like hackmaster are good for certain things, but, like you said, the coding still seems to be unstable......