Comments on: Handhelds Might Be a Security Risk
vnunet is quoting security consultants @stake, who point out that Palm handhelds are vulnerable to having passwords stolen from them wirelessly. @stake has written an app that takes advantage of the Palm's ability to HotSync via its infrared port. Notsync tricks a Palm into thinking it is connected to its owner's PC, rather than a hacker's PDA. The hacker then downloads the target's password.
While this simple app doesn't try to grab any other information off the target Palm, it is a fact that many people use the same password for everything, including accessing secure corporate networks.
Article Comments
(10 comments)
128-bit encryption is exportable...
I.M. Anonymous @ 1/25/2001 4:05:59 PM #
...except for places like Cuba and Iran, etc.
Only as secure as...
nospam@home.go @ 1/23/2001 2:13:00 AM #
Only as secure as practices.
After my going to a palm-related show and finding I had acquired 50 new contacts, I set my "beam" preference off. (I also lock my car door).
Keep it on you
Queen Of Swords @ 1/23/2001 6:14:08 AM #
My palm is only a security risk when they pry it out of my cold, dead fingers. If you keep it with you at all times, and have a cover that obscures the IR port, this new trick is easily prevented.
?
I.M. Anonymous @ 1/23/2001 11:23:40 AM #
This seems rather a non-issue. Unless I am mistaken, and someone please correct me if I am, you must initiate a hot synch from the Palm or its cradle. No one is going to be able to surreptitiously come up to you and steal your data without your active [and ignorant] involvement. While it (sounds) feasible that you could trick a Palm into thinking it was synching, the above exploit would require a series of events and a setup that is just plain unlikely...
Let's get real
George Brink @ 1/23/2001 11:58:27 AM #
Putting this in perspective, the risk is only if you Hotsync by IR and I think most people who do this might just spot someone standing less than a metre away pointing their Palm at you while you sync.
Bluetooth
GrouchoMarx @ 1/23/2001 2:53:45 PM #
OK, it may seem crazy now. But just wait for when Palms come Bluetooth enabled, or 802.11b enabled. Automatic, wireless, transparent networking with any other device within 10 meters that it can find. With the current state of Palm security, that's a big neon "hack me" sign.
--GrouchoMarx
RE: Bluetooth
So maybe people should find other places than their Palm to store sensitive data!! Otherwise someone will have to develop VERY good encryption or security software. Maybe if Palm made it impossible to transfer memos etc., when they are marked private.
Anyone know if this would be possible?
Well put
Also if Palm supplied 128 bit (or higher) encryption into its IR functions then it couldn't export them out of Canada and the US so you can't really blame them for not trying.