Vulnerability Development mailing list archives
Re: Exploit code for PalmOS
From: eddie () SELA CO IL (Eddie)
Date: Thu, 15 Jun 2000 17:37:02 +0300
What would you be wanting to exploit ? There is no security mechanisms under PalmOS. If you have access to the device you can do what you like to it. The only protection is using 3rd party encryption software to protect data but this doesn't help you protect anything in the builtin applications.
I can think of several ways to exploit a plam device , some prc apllications get databases (PDB) from different kind but the application stay the same ! maybe if I setup a PDB with a certin record it will cause the user palm-pilot (using this pdb,) to unhide all secret records and to mail them to me ! ( via mail syncronisation !). ( I am not saying that it can be done 100% , but someone should give it a try !). 2. beaming cards and applications may exploit weekneses in palm os ...if I set up an application (PRC) , that acts like a normal palm-os beam, but do other things as well ... than I can think of some situations this can exploit other application and palm devices ! we should all look at this protocols to see if there is a chance to exploit them ! dont you think so ? Eddie.
Current thread:
- Re: Exploit code for PalmOS Darren Moffat - Solaris Sustaining Engineering (Jun 15)
- Re: Exploit code for PalmOS Eddie (Jun 15)
- Re: Exploit code for PalmOS Philip Rowlands (Jun 15)
- Re: Exploit code for PalmOS Aviram Jenik (Jun 15)
- <Possible follow-ups>
- Re: Exploit code for PalmOS Oliver Friedrichs (Jun 15)
- Re: Exploit code for PalmOS Greg Swallow (Jun 16)
- Re: Exploit code for PalmOS Crispin Cowan (Jun 16)
- Re: Exploit code for PalmOS Blue Boar (Jun 17)