Information Security News mailing list archives
Re: Crackers can zap data off Palm Pilots
From: InfoSec News <isn () C4I ORG>
Date: Tue, 30 Jan 2001 00:52:09 -0600
Forwarded by: Michael Carroll <CARROLLM () war wyeth com> Personally, I think there's a greater threat from pickpockets stealing the actual PDA then from someone "zapping the data" from the device. "Warnings" like this seem a bit too much like overstatement of the obvious and an attempt by @Stake to generate press. Michael Carroll Senior Network Analyst Wyeth Lederle Vaccines
InfoSec News <isn () C4I ORG> 01/20 3:26 AM >>>
http://www.vnunet.com/News/1116644 By Ian Lynch [19 Jan 2001] Security consultants @stake have added to the weight of expert opinion that business use of PDAs such as a Palm Pilot may be a security risk. @stake, a US-based security consultant, has written a piece of software code that can zap passwords off targeted Palm Pilots through taking advantage of the PDA's hotsync function. Hotsync is used to transfer data between the user's PC and a Palm Pilot. Called Notsync, the code fools the targeted Palm Pilot into thinking it is talking to the user's desktop computer, rather than a hacker's PDA. The hacker then downloads the target's password via the target machine's infrared port. Infrared ports have a range of 50cm to 100cm, but @stake said amplifying systems can increase the range threefold. The consultant said its Notsync code could be written by any competent hacker, and is warning firms to make sure they know what company information is being held on their employees' PDAs. Notsync's author, Mudge, vice president of R&D at @Stake, said: "They are completely vulnerable." ISN is hosted by SecurityFocus.com --- To unsubscribe email LISTSERV () SecurityFocus com with a message body of "SIGNOFF ISN".
Current thread:
- Crackers can zap data off Palm Pilots InfoSec News (Jan 22)
- <Possible follow-ups>
- Re: Crackers can zap data off Palm Pilots InfoSec News (Jan 25)
- Re: Crackers can zap data off Palm Pilots InfoSec News (Jan 29)