Comments on: Palm OS Treo Security Vulnerability Posted
The advisory states:
Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attacker may use this vulnerability to retrieve information from a locked device.
Article Comments
(13 comments)
The following comments are owned by whoever posted them. PalmInfocenter is not responsible for them in any way.
Please Login or register here to add your comments.
RE: How to reproduce?
I tried accessing the find option while in a received call, and while in the make emergency call screen.
Apparently some Sprint Treo 700p owners can reproduce this (?).
RE: How to reproduce?
See the following article on treo|central for procedures: http://www.treocentral.com/content/Stories/1094-1.htm
RE: How to reproduce?
On incoming call managed to view first line of appointments, contact names, and subject line/sender of emails in Versamail whilst Treo was locked. Couldn't retreive any data from "private" records though.
Disappointing that this wasn't fixed when first identified.
RE: How to reproduce?
'Palm has decided not to fix or address the vulnerability.'
"Palm has decided not to fix or address the vulnerability."
Classic! If this was MSFT's reply, you apologists would be rabid.
At least a temporary fix
Check out this post at Treocentral (starting at post #11): http://discussion.treocentral.com/showthread.php?t=136942
RE: At least a temporary fix
Now we know just how much regard Palm has for the security of Treo users' data.
RE: At least a temporary fix
Thinking about Vista? Think again: http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt
RE: At least a temporary fix
In fact, almost always they deny it's a serious problem and/or blame their users for finding it, and/or say they will never never fix it. They often relent after we scream loud enough or the mainstream reviewers begin to make it an issue that affects their PR.
It would really be refreshing if Palm would someday change their tact and just acknowledge the issues and get cracking on a solution, rather than leaving it to us to complain and/or third-party developers to fix it for them. The fact that one guy has already hacked together an attempt at a fix for this makes Palm's reaction to this discovery absolutely pitiful.
Certainly they must still have an engineer or two employed at Palm that isn't solely focused on deciding which hardware button to move around on the next model...
Treo 600 affected too
looks like this issue is BIG - my Treo 600 is affected too.
Now all we need is someone who can perform tests on the OS4 Treos...
Best regards
Tam Hanna
Find out more about the Palm OS in my blog:
http://tamspalm.tamoggemon.com
RE: Treo 600 affected too
Latest Comments
- I got one -Tuckermaclain
- RE: Don't we have this already? -Tuckermaclain
- RE: Palm brand will return in 2018, with devices built by TCL -richf
- RE: Palm brand will return in 2018, with devices built by TCL -dmitrygr
- Palm phone on HDblog -palmato
- Palm PVG100 -hgoldner
- RE: Like Deja Vu -PacManFoo
- Like Deja Vu -T_W
How to reproduce?