NotSync - Hacking Palms The IR Way
Hey All,
Been reading up on Palms and PDAs in general and noticed quite a bit of security issues.
1. There has been two recorded virii (1.Trojan "Liberty", 2. Virus "Phage")
2. Kinda like a programmers/debuggers backdoor to the "lock" mode. Read more at @Stake
3. Programs Readily available for password cracking and decryptions (duh :p)
4. IR (Infra Red) Hacking!
This is kinda a continuation from this tread Palm Hacking and this one Palm Security Vulnerabilities (IR Port)
The answer people didn't believe is, Yes IR Hacking can be done.
How?!?
Using a program called NotSync
This program's original intended use was to control what is and isn't HotSync't between your computer and your PDA, but people have figured out that you can use this utility to send an IR request to another PDA and fool it into believing it's speaking with the Source computer and begin to HotSync
Quote:
From HackersPlayground.Org
"(NotSync) Demonstrates the simplicity of obtaining and decoding the Palm system password. This version imitates the initial stages of the HotSync process via the IR port and retrieves and decodes the password of the target device."
The source of the program is Ultrasoft.com
So what to do?!?
Well since PDA's hotsync without any autorization required, the best bet is to keep your PDA off in public, and, to be more secure, turn off beaming IR when not using it.
Quote:
From SarinMage from this
tread
...IR beaming goes one way, you cant get anything back, and the user MUST accept the beam.
lemmie ask you this... the palm asks you if you want to recieve the application after it has been beamed. it ALWAYS asks you.....
Not totally true, eh? :)
