Palm security vulnerabilities

Here is a security flaw to the Palm OS....

Beaming programs. -- The Palm will automatically pick up the nearest beam by IR. I've read stories on the net that people (in larger towns) go around using their Palm and trying to transmit by IR on buses and subways. When they find a Palm that's on and receiving, they send an app they compiled and hope the user accessess it.

The program is disguised as something else (two examples here are; 1- name it and icon it the same as another, to confuse the user to accidentally use the wrong one (ie: Address & Clock), or 2- call it a useful utility or game and hope they check what it is.

The program does one of two things, it either attempts to delete the whole Palm (using PalmDOS and some modifications) or writing a crashing program that will require a hard reset. (which causes all data to be lost.)

I've also heard about a .pdb file that is on runtime and activates with the Clock alarm setting.

I've been trying to find this site that I am mentioning from, but can't for the life of me remember the URL... I'd check my history but it was on a 'puter at college.

Hmmm... I wonder what kind of people hack PalmOS?

PALM OS!!!

FINALLY something i can actually talk about!!!!


IR beaming goes one way, you cant get anything back, and the user MUST accept the beam.

lemmie ask you this... the palm asks you if you want to recieve the application after it has been beamed. it ALWAYS asks you..... why would you accept a random application that just appeeares on your palm?

I did some searching for PalmOS news/security warnings and this is what I got:

http://rr.sans.org/PDAs/palm_3x.php
http://www.palmopensource.com/index.php3?category=31
http://www.visorcentral.com/content/Stories/954-1.htm
http://www.zdnet.com/anchordesk/stor...784098,00.html
http://www.safermag.com/html/safer29/alerts/11.html

Thanks for the finds AcidSpectrum!

I knew some of them but some I did not. It's always good to know!

SarinMage, I totally understand what you are talking about, but how often have you seen a younger person find something and go "ooh!" ? Some people can be dumb....

BTW, what Palm are you using?

BTW...

How would someone be able to find a reciever Palm if someone is not using the Palm (unless it's accidentally on)??????

I think its a total dumb form of hacking and wouldnt concider it hacking........ now WinCE on the other hand has alot more features...... :) that i can actualy work with..... but palm is just nothing more then an advanced orginizer..... i dont know, just personal oppinion i guess

but making palm into a linux terminal is uber :) that can be fuuuun

/me has to try linux on his palm...