Results 1 to 4 of 4
  1.    #1  
    I use Splash ID to store sensitive info such as accounts and passwords. Is it possible for this info to be compromised in anyway while the phone is in my posession? Let's say a brilliant but unscrupulous developer offers a freeware IM app. I download it into the Treo 600 and the app, while in background mode, goes into splash ID (or other apps) and retrieves the info and sends it wirelessly to some e-mail address stealthyly without you ever knowing it.

    On the Treo 600 with OS 5, Is such a scenerio:

    1. Theoretically possible

    2. Possible but extremely difficult to implement

    3. Impossible

    Am I being overly cautious?
  2. #2  
    As far as I know, SplashID encrypts the data... so even if someone could get access to it (which is unlikely), they'd have to somehow unencrypt it as well... much more unlikely.

    But just cuz you're paranoid doesn't mean they aren't out to getcha!
  3. pan
    pan is offline
    pan's Avatar
    Posts
    13 Posts
    #3  
    For a brilliant developer? Easy.

    They could write a simple program that runs the next time you launch splash ID, grabs your password, decrypts the data using your password and sends it wirelessly back to the developer it. It then directs you back to the real Splash ID so you don't realize anything happened.

    Paranoid now?

    Pan
  4. #4  
    As a security analyst I can tell you that you should always believe that nothing is impossible. Having said that, being overly cautious will depend on how much value the information has to you. You might think that a relative's phone number is not important enough to encrypt while another person might disagree.

    You are using encryption which is always very good. Give the right 15 year old kid some $$$ and tickets to a concert and he/she will break into any government system. But for now I would say that your scenario is "possible".

    But the biggest security "hickup" is us, humans. I've known people with the latest encryption and end up loosing information because the feature was turned off.

    What do I do? I don't have any passwords nor account numbers stored on the phone or any computers. I just take an extra dosage of Ginko Biloba to keep track of all that information. Yep, I have ended up getting locked out some websites/accounts, etc. But I rather go through that hassle.

    My 2 cents...

    cash70
    Me = Nokia 5170/Palm III > Kyocera 6035 > Treo 600 > Treo 650 > Treo 700p > Treo 755p > Treo Pro > Palm Pre

    Wife = Treo 600 > Treo 650 > Treo 755p > Palm Centro > Palm Pixi

Posting Permissions