Vulnerability Development mailing list archives

Re: Exploit code for PalmOS

From: eddie () SELA CO IL (Eddie)
Date: Thu, 15 Jun 2000 17:37:02 +0300

What would you be wanting to exploit ?  There is no security mechanisms
under PalmOS.  If you have access to the device you can do what you like
to it.  The only protection is using 3rd party encryption software to
protect data but this doesn't help you protect anything in the builtin
applications.

I can think of several ways to exploit a plam device , some prc apllications
get
databases (PDB) from different kind but the application stay the same !
maybe if I setup a PDB with a certin record it will cause the user
palm-pilot (using this pdb,)
to unhide all secret records and to mail them to me ! ( via mail
syncronisation !).

( I am not saying that it can be done 100% , but someone should give it a
try !).

2. beaming cards and applications may exploit weekneses in palm os ...if I
set up an application (PRC) , that acts like a normal palm-os beam,  but do
other things as well ...
than I can think of some situations this can exploit other application and
palm devices !
we should all look at this protocols to see if there is a chance to exploit
them !
dont you think so ?

 Eddie.

Current thread:

Re: Exploit code for PalmOS Darren Moffat - Solaris Sustaining Engineering (Jun 15)
- Re: Exploit code for PalmOS Eddie (Jun 15)
- Re: Exploit code for PalmOS Philip Rowlands (Jun 15)
- Re: Exploit code for PalmOS Aviram Jenik (Jun 15)
- <Possible follow-ups>
- Re: Exploit code for PalmOS Oliver Friedrichs (Jun 15)
- Re: Exploit code for PalmOS Greg Swallow (Jun 16)
  - Re: Exploit code for PalmOS Crispin Cowan (Jun 16)
  - Re: Exploit code for PalmOS Blue Boar (Jun 17)