Vulnerability Development mailing list archives
Re: Exploit code for PalmOS
From: crispin () WIREX COM (Crispin Cowan)
Date: Fri, 16 Jun 2000 23:38:47 -0700
Greg Swallow wrote:
On Thu, 15 Jun 2000, Philip Rowlands wrote:IIRC, the Palm defaults to "Beam Receive On", in order to receive electronic address cards, applications etc. It may be possible to transmit a malformed address card to cause the Palm to crash or lose data.Mmmmmmm...infrared virii. Imagine--a virus that automatically spreads through the IR port *and* changes the channels on any TV set it has IR codes for to 666 (or 66 if the TV doesn't have that many channels). Sounds like fun. Aren't Furbies IR-capable?
A student taking my security class (Mark Jacobson) did a term project investigating the vulnerability prospects of IR ports in laptops. It turns out to be feasible to attack fun PnP (Plug-n-Play) devices to the IR port ... like mice. So someone strolling near your laptop in an airport lobby could add a mouse to your desktop and start clicking on things :-) A working exploit was not completed, but the major barrier was obscurity of device drivers for the IR port for Windows. Crispin -- Crispin Cowan, CTO, WireX Communications, Inc. http://wirex.com Free Hardened Linux Distribution: http://immunix.org
Current thread:
- Re: Exploit code for PalmOS Darren Moffat - Solaris Sustaining Engineering (Jun 15)
- Re: Exploit code for PalmOS Eddie (Jun 15)
- Re: Exploit code for PalmOS Philip Rowlands (Jun 15)
- Re: Exploit code for PalmOS Aviram Jenik (Jun 15)
- <Possible follow-ups>
- Re: Exploit code for PalmOS Oliver Friedrichs (Jun 15)
- Re: Exploit code for PalmOS Greg Swallow (Jun 16)
- Re: Exploit code for PalmOS Crispin Cowan (Jun 16)
- Re: Exploit code for PalmOS Blue Boar (Jun 17)