Vulnerability Development mailing list archives

Re: Palm Beam Lock feature


From: Kingpin <kingpin () atstake com>
Date: Sun, 17 Dec 2000 13:00:09 -0500

[For those interested, the advisory in question was for the Secure
Computing SafeWord e.iD soft token which stores the PIN and critical
information in a Palm database file (original advisory at
http://www.atstake.com/research/advisories/2000/a121400-1.txt)]

The "Beam Lock" protection bit is a single bit (e.g., "beam" or "don't
beam") that is associated with each database on the Palm device. Because
all databases are readable by any other application on the Palm, it is
trivial to cycle through all the databases (or choose a particular
database) and change that bit. A tool I wrote a while back (2 years?)
demonstrates this.

You can grab it from http://www.atstake.com/research/tools.html

-kp


On Sat, 16 Dec 2000, Christian wrote:

Hi,

Recently on BUGTRAQ, when discussing a vulnerability with a certain
piece of Palm software, it was mentioned that:

  * If an attacker obtains access to the user's Palm device he can copy
    via IrDA (infrared), or "beam", the "sceiddb.pdb" file. By default
    this file does not have the "Beam Lock" protection bit set. This
    bit tells the PalmOS not to allow the beaming of the file. But the
    "Beam Lock" protection can be easily disabled.

Does anyone know how this "beam lock" protection is enabled/disabled?  I
can't find any way of doing it via the ordinary interface so I assume
it's a little more sophisticated than this.

Regards,

Christian.
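
An added example, not part of the original posts and not the tool mentioned above: a read-only audit that parses a Palm database header and reports whether the "Beam Lock" bit is set, which shows that the protection is one flag in the attributes word rather than an access control. The 78-byte header layout and the flag names (`dmHdrAttrCopyPrevention` = 0x0040) are taken from the Palm OS file format, not from this thread; the sample headers and the database name are constructed.

```python
import struct

# Palm database (.pdb/.prc) header: big-endian, 78 bytes.
# name[32], attributes, version, 6 x uint32 (dates, counters, offsets),
# type[4], creator[4], uniqueIDSeed, nextRecordListID, numRecords
PDB_HEADER = struct.Struct(">32sHH6L4s4sLLH")

# Attribute flags as named in the Palm OS SDK (assumption: not on the page).
COPY_PREVENTION = 0x0040          # the "Beam Lock" bit
ATTR_FLAGS = {0x0001: "ResDB", 0x0002: "ReadOnly", 0x0008: "Backup",
              COPY_PREVENTION: "CopyPrevention", 0x0100: "Hidden"}


def parse_pdb_header(data):
    """Decode the fields of a PDB header that matter for this audit."""
    if len(data) < PDB_HEADER.size:
        raise ValueError("truncated PDB header")
    fields = PDB_HEADER.unpack_from(data)
    attrs = fields[1]
    return {
        "name": fields[0].split(b"\0", 1)[0].decode("latin-1"),
        "attributes": attrs,
        "flags": [n for bit, n in sorted(ATTR_FLAGS.items()) if attrs & bit],
        "creator": fields[10].decode("latin-1"),
        "beam_locked": bool(attrs & COPY_PREVENTION),
    }


def audit(images):
    """Return (database name, finding) for each raw database image."""
    findings = []
    for data in images:
        hdr = parse_pdb_header(data)
        if hdr["beam_locked"]:
            note = "bit set, but it is only a header flag; protect secrets separately"
        else:
            note = "bit clear; database can be beamed as stored"
        findings.append((hdr["name"], note))
    return findings


def make_sample(name, attrs):
    """Build a constructed header (hypothetical type/creator codes)."""
    return PDB_HEADER.pack(name.encode("latin-1"), attrs, 1, 0, 0, 0, 0, 0, 0,
                           b"DATA", b"TEST", 0, 0, 0)


if __name__ == "__main__":
    for name, note in audit([make_sample("SampleTokenDB", 0x0008),
                             make_sample("SampleTokenDB", 0x0048)]):
        print(name, "->", note)
```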


