Vulnerability Development mailing list archives

Re: Exploit code for PalmOS

From: BlueBoar () THIEVCO COM (Blue Boar)
Date: Sat, 17 Jun 2000 10:02:13 -0700


My couple comments:

A virus should be quite doable.  People beam applications around.  This
is equivalent to DOS .exe infectors, and people passing floppies.  It
seems a bit mundane in the age of having your viruses delivered right
to your in-box, but it should work just fine.

It seems to me a traditional shell isn't exactly what's desired.  I would
think that persistent access to the victim palm would not be available.
You'd want something that would allow you to fire off the odd command
to make the pilot do something, perhaps serve up a file without affecting
the UI.  It just seems it would be difficult to get the owner to stand
their aiming his palm at yours.

I suppose it comes down to social engineering.  "Here, accept this copy
of solitaire.  Run it... see? cards."  oh... Now stand their for a sec
while I, um, beam my card to you."

I'm reminded of those palm commercials where the man and the women in
separate trains beam (presumably) their phone numbers at each other.
I picture the woman thinking "Wow, he's cute.  I hope he calls."  and
the guy is thinking "3y3 0wn j00!!".

                                        BB

Current thread:

Re: Exploit code for PalmOS Darren Moffat - Solaris Sustaining Engineering (Jun 15)
- Re: Exploit code for PalmOS Eddie (Jun 15)
- Re: Exploit code for PalmOS Philip Rowlands (Jun 15)
- Re: Exploit code for PalmOS Aviram Jenik (Jun 15)
- <Possible follow-ups>
- Re: Exploit code for PalmOS Oliver Friedrichs (Jun 15)
- Re: Exploit code for PalmOS Greg Swallow (Jun 16)
  - Re: Exploit code for PalmOS Crispin Cowan (Jun 16)
  - Re: Exploit code for PalmOS Blue Boar (Jun 17)