Application: PalmOS
Operating System: PalmOS
Vendor: Palm(tm)
Versions: ALL
Author: shaunige@yahoo.co.uk

-[BACKGROUND]-:

PalmOS includes a pre-installed 'Security' Application, which allows a Palm enabled device to add weak security, to hide data and protect the PDA from casual snoopers. One particular feature is the ability to "Hide" Memos set as "Private" in the Security section of MemoPad, and set a password so that "Private" memos can only be read by those possessing the Password.

Once a password is set, the user would run the MemoPad application, access the Options menu and click Security. The user would then choose to "Show All Records", and is prompted to enter the previously set password before being able to access his memos.

This low-level of added Security can, however, easily be circumvented or bypassed by using third-party text-editing applications. Once an attacker is actively viewing the hidden memo, the memo can be set to non-"Private". This is most likely due to a designing error in the PalmOS programming, as PalmOS does not attempt to prevent hidden memos from being accessed in any other application but MemoPad.

-[EXPLOIT]-:

This existing "Vulnerability" can be exploited easily via a third-party text-editing application, such as RsrcEdit, Hotpaw BASIC and PEdit. PalmOS makes no attempt to hide the Memo from other applications, so all a would-be attacker has to do is use one of these programs to open the Memo, and do any reading or editing he/she wants.

-[SOLUTION]-:

I am not aware of any solution, and doubt that one exists. This vulnerability will be reported to Palm(tm) if people think that it is even important enough, and perhaps there is then a small chance of a patch being issued...

Thank you for your time.

Shaun.
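The design flaw reported above, as an added Python model that is not part of the original post and is not PalmOS code: a record store where "private" is only a flag honoured by a cooperating viewer, next to a store that checks the password itself. All class and function names and the sample memos are hypothetical and constructed for illustration.

```python
import hashlib
import hmac
import os
from dataclasses import dataclass

@dataclass
class Record:
    text: str
    private: bool = False

class FlagOnlyStore:
    """Model of the reported behaviour: the store hands every record to every caller."""
    def __init__(self, records):
        self._records = list(records)

    def records(self, password=None):
        return list(self._records)  # hiding is left entirely to the caller

def memopad_view(store, show_private=False):
    """Cooperating viewer: applies the 'private' filter itself."""
    return [r.text for r in store.records() if show_private or not r.private]

def third_party_view(store):
    """Any other application: reads the store and never looks at the flag."""
    return [r.text for r in store.records()]

class EnforcingStore(FlagOnlyStore):
    """Hardened model: the store verifies the password before releasing private records."""
    def __init__(self, records, password):
        super().__init__(records)
        self._salt = os.urandom(16)
        self._hash = self._derive(password)

    def _derive(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 100_000)

    def records(self, password=None):
        unlocked = password is not None and hmac.compare_digest(
            self._derive(password), self._hash)
        return [r for r in self._records if unlocked or not r.private]

# Constructed sample data
SAMPLE_MEMOS = [Record("shopping list"), Record("bank card reminder", private=True)]

if __name__ == "__main__":
    weak = FlagOnlyStore(SAMPLE_MEMOS)
    strong = EnforcingStore(SAMPLE_MEMOS, "example-password")
    print("MemoPad, flag-only store:    ", memopad_view(weak))
    print("Other app, flag-only store:  ", third_party_view(weak))
    print("Other app, enforcing store:  ", third_party_view(strong))
```

A check inside the store only holds if applications cannot reach the underlying storage some other way; where they can, the private records themselves need to be encrypted under a key derived from the password.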