[PEN-TEST] Palm Pilot Security

[Mike Ahern <mc_ahern () YAHOO COM>]

A Quick Question...

Does anyone have any real life experience in
evaluating the security of Palm Pilot systems? Someone
is proposing using the Palm along with RSA/Security
Dynamics soft token, and as a method of gaining some
remote network access. I am being asked to sign off on
it.

I understand that the Palm units may be password
protected, but that on the original Palm Pilots you
could remove the batteries to reset the unit &
password. Also I understand that new Palm 5 units use
an internal lithium rechargable battery, and have a
reset button that can be used to "reboot" the Palm
Pilot.

I also am aware that the L0pht guys found a way in the
past to undermine the security of the Cryptocard soft
token.

Anybody aware of methods to hack past the password
protection on the Palm? I assume that like anything
else, physical access equals potential for 100% system
compromise. Anyone aware of any RSA/Security Dynamics
soft token security issues on the Palm Pilot?


Any thoughts or experiences shared (lessons learned)
would be appreciated...


- Mike




__________________________________________________
Do You Yahoo!?
Yahoo! Auctions - Buy the things you want at great prices.
http://auctions.yahoo.com/