Filed in archive
News
, Palm
, Smartphones
, Useful Info
by Rico Mossesgeld on February 20, 2007

Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attacker may use this vulnerability to retrieve information from a locked device.
The built-in Find feature can also be used to access an Edit window and paste previously cut or copied data into the search field of a locked device. An attacker may use this vulnerability to view data that was cut or copied from Treo applications prior to the device being locked. [Emphasis mine]
The Treo 650, 680, and 700p are affected by this.
Palm was apparently notified of the problem and they decided not to address it. It isn't really a severe vulnerability if you think about it. You should never leave a smartphone or PDA alone with someone else anyway (the "attack" can only be carried out with direct access to the phone), especially if you have valuable data stored on it. But it's good to see people stepping up to solve the problem.
Tags:
Treo+Find+Vulnerability
Palm+OS+Treo+Security
Symantec
mobile
palm
treo+vulnerability
address+treo
d
Trackback: http://publish.creative-weblogging.com/publish/mt-tb.pl/54418
Mr Wong
Vote for Palm Decides Not to Address Treo Vulnerability:
|
Rating: 8.00 out of 1 vote(s) cast.
|
Response from:
free cellphones
(02/23/07 9:54am)
Palm is probably giving up the Palm OS as they are trying to build the next Linux based Treos.
Response from:
Rico
(02/24/07 5:45pm)
Actually, Palm no longer owns the OS itself. Access Co. is responsible for its development. But I know what you mean: Palm's initial decision was sound, because from a business POV, it doesn't make sense spending time and money to fix what's actually a minor bug.
Response from:
high school musical2 lyrics
high school musical2 lyrics
Subscribe
Marketplace
- mobile broadband
Use the search to look for other interesting posts
| RSS | See all blog subscribe options |
|
What is RSS? | |
| Yahoo! |
|
| Addthis |
|
| Bloglines |
|
| Newsletter | |
| Follow us on Twitter! |







