Palm Decides Not to Address Treo Vulnerability
Filed in archive News , Palm , Smartphones , Useful Info by Rico Mossesgeld on February 20, 2007
Palm OS Treo smartphones are equipped with a system password lock to secure contents of handheld data from unauthorized access. When this lock is engaged, Treo's built-in Find feature is still accessible and can be used to perform searches on text in Treo applications and databases (e.g. SMS Messages, Memos, Calendar, Tasks, etc). Search results are accessible, and depending on their size, may be truncated. An attackermay use this vulnerability to retrieve information from a locked device.
The built-in Find feature can also be used to access an Edit window and paste previously cut or copied data into the search field of a locked device. An attacker may use this vulnerability to view data that was cut or copied from Treo applications prior to the device being locked. [Emphasis mine]
The Treo 650, 680, and 700p are affected by this.
Palm was apparently notified of the problem and they decided not to address it. It isn't really a severe vulnerability if you think about it. You should never leave a smartphone or PDA alone with someone else anyway (the "attack" can only be carried out with direct access to the phone), especially if you have valuable data stored on it. But it's good to see people stepping up to solve the problem.
Permalink: Palm Decides Not to Address Treo Vulnerability
Tags:
Treo+Find+Vulnerability
Palm+OS+Treo+Security
Symantec
mobile
palm
treo+vulnerability
address+treo
d
Trackback: http://www.creative-weblogging.com/cgi-bin/mt-tb.pl/54418
Mr Wong
| 
