Cover Your Palm
Hackers can trick your device to give up your password.To those of you who may have been unconvinced by recent warnings about the security risks of PDAs, the situation is even worse than thought. According to some experts, security features built in to the Palm Operating System may provide so little protection that it may be possible to steal data from a PDA from across a room. According to "Kingpin," a senior researcher at @stake Inc., the most serious problem lies in the handling of the Palm OS system password. "Finding and decoding that password isnt tough," says Kingpin, "For a the average programmer, its a minor project; for a moderately experienced Palm OS developer, its trivial."
Kingpin has developed a "proof of concept" application that takes advantage of the "HotSync" processwhereby a Palm OS device can synchronize data with a PCto extract the system password. The app, known as "NotSync," allows a second PDA to masquerade as a PC waiting to synchronize data, and thus trick a Palm OS device into transmitting the password over its built-in wireless infrared port. NotSync then decodes and displays the password.