"Think about what you just suggested. Beaming isn't something magic, it's a medium for programs to send bits to other programs with some format for what to do with them. If your would-be victim's Palm is asleep, it's not listening for IR."
Well, some of your other answers are good enough that I suspect I don't understand you.
The IR port on a palm is, I assume, a combination IR diode and some sort of receiver. When the IR port is ready to receive a beam, clearly there's a DC bias that goes up across the receive circuitry to allow it to receive and amplify the signal. The questions here are: 1) Does this bias go away when the non-sleeping Palm is not ready to receive a beam? 2) When the unit is off, does the bias go fully to zero, or is there some leakage bias?
If there's any kind of leakage bias, then a high-powered signal might get a few bits through. After that, only a Palm OS expert will know if there's some kind of signal that can tease the Palm awake and then get it to swallow some kind of trojan.
Frankly, however, I consider this unlikely, but I am unfamiliar enough with Palm OS as to consider it within the realm of possibility.
-TD
From: Bill Stewart <[EMAIL PROTECTED]> To: [EMAIL PROTECTED], [EMAIL PROTECTED] Subject: Re: Palm Hack? Date: Fri, 04 Jun 2004 16:16:37 -0700
At 07:50 AM 6/3/2004, Tyler Durden wrote:Anybody know of apps that allow someone to hack somebody else's Palm?
PalmOS doesn't have useful memory protection,
so if you can get somebody to run a trojan application, they're potentially toast.
If you can't, then you're limited to whatever the existing applications do
with the data that you hand them.
Many applications are well written, protect themselves against oversized
or other malicious input, and will only do what their authors expect.
Other applications are poorly written schlock that leave a gun barrel
aimed at your foot waiting for you to shove bullets in them.
Specifically, say you are beaming or receiving a beam from someone else's Palm, but you'd like to know much more than what they had planned on beaming you. So you actually beam them an app that takes their phonebook and calender and dumps it out to you. '
I'd be extremely surprised if the primary Palm beaming apps (including builtins and beambox) are that naive, but you never know. Partly this is because they're tolerably well written, and partly because the early Palm Pilots didn't have much memory, so the obvious data structures for handling most objects are annoyingly small and don't give you ways to get past their boundaries, and most of that clunkiness is still there in the APIs.
Another possible way in is email, if your victim downloads email to a Palm and runs it with an insecure application.
Another way that the Palm accepts application data is hotsync -
if you can put malicious data into the Windows feed for somebody's Palm,
such as downloadable programs, you might be able to get them installed.
Fortunately, Windows is perfectly secure.... but the wetware isn't.
"Dude! Here's a really cool Palm Screen Saver! Dancing Pigs and Everything!"
Actually, this is really my threat model. What I really want to know is that, given the above possibility, is there a "fire wall" for a PDA for this kind of attack?
Certainly not on the Dragonball machines.
Not sure if they've improved on newer machines, but without memory protection,
any broken application makes it theoretically possible to break the machine.
So don't run broken applications that accept input from outside.
PS: I'm also wondering if it's possible to force-beam info out of a sleeping Palm that's in a coat pocket or whatever.
Think about what you just suggested. Beaming isn't something magic, it's a medium for programs to send bits to other programs with some format for what to do with them. If your would-be victim's Palm is asleep, it's not listening for IR.
If you Google for "PalmOS Virus", you'll find references to one PalmOS virus
that somebody cobbled together, though I'm not sure it actually spread in the wild,
and a trojan that masquerades as a Gameboy emulator program.
But most of the viruses for Palm, like most Unix viruses,
run on the Honor System, like the "IBeamYou" address book entry.
_________________________________________________________________
FREE pop-up blocking with the new MSN Toolbar – get it now! http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/
