Page 1 of 3 123 LastLast
Results 1 to 20 of 47
  1.    #1  
    I am not sure if this was shared on the forums, there is a vulnerability disclosure by Symantec. Here is the link

    http://www.securityfocus.com/archive/1/460059
    http://www.securityfocus.com/bid/22468/info

    Symantec Vulnerability Research
    http://www.symantec.com/research
    Security Advisory

    Advisory ID: SYMSA-2007-002
    Advisory Title: Palm OS Treo Find Feature System Password Bypass
    Authors: J.R. Wikes, Matt Cooley, & Scott King
    Release Date: 14-02-2007
    Application: N/A
    Platforms: Palm OS Treo smart phones - Tested on Verizon,
    Sprint, & Cingular Treo 650 (Treo650-1.03a-VZW &
    Treo650-1.12-SPCS), Cingular Treo 680, and
    Sprint/Verizon Treo 700p phones
    Severity: Locally exploitable
    Vendor status: Verified by vendor. No patch forthcoming.
    CVE Number: CVE-2007-0859

    Palm OS Treo smartphones are equipped with a system password lock
    to secure contents of handheld data from unauthorized access.
    When this lock is engaged, Treo's built-in Find feature is still
    accessible and can be used to perform searches on text in Treo
    applications and databases (e.g. SMS Messages, Memos, Calendar,
    Tasks, etc). Search results are accessible, and depending on
    their size, may be truncated. An attacker may use this
    vulnerability to retrieve information from a locked device.


    Most folks use the system lock feature if they are using Good messaging etc.
    No patch or response from Palm as of now.

    -Chiru
  2. #2  
    I could not reproduce the symptom where the find feature could be accessed when making an emergency call on my Treo 700p (Verizon). I did not dial any numbers, or test the incoming call issue.
  3. #3  
    I could not reproduce this system lockout "weakness" on a Sprint 700P . . . . . .


    10:35PM EDIT Correction -- I am able to reproduce this flaw when an incoming call is accepted. The find function becomes operable. . . . .
    Last edited by gtwo; 02/14/2007 at 09:35 PM.
  4. #4  
    Neither here and I use TealLock 6.
    Ben
  5. #5  
    I can confirm this on my Verizon Treo 700p.

    What I did was...
    1. Go to "Security" app.
    2. Select "Lock & Turn Off" after having a password assigned, of course.
    3. Then tried the "Find" button by hitting the "black" button and the left shift... It did not open.
    4. So, went to "Make Emergency Call" and tried again... This time I could search all my contacts and meetings, etc...
    5. HINT: Search for the vowels... "a" then "e" then "i" etc... All of your names should have at least one.


    So, this is not good.

    Scott (Oh, look a vowel!)
  6. #6  
    Quote Originally Posted by sck_nogas View Post
    I can confirm this on my Verizon Treo 700p.

    What I did was...
    1. Go to "Security" app.
    2. Select "Lock & Turn Off" after having a password assigned, of course.
    3. Then tried the "Find" button by hitting the "black" button and the left shift... It did not open.
    4. So, went to "Make Emergency Call" and tried again... This time I could search all my contacts and meetings, etc...
    5. HINT: Search for the vowels... "a" then "e" then "i" etc... All of your names should have at least one.

    So then I tapped on those findings and then nothing happens - takes me back to the dial screen. Tried on both my 650 and 700p.

    Same thing when accepting an incoming call - can see search results, but cannot activate them. Can paste from clipboard into find window. THat's about all. Unlikely any sensitive stuff there.

    I do have Butler installed on both my 650 (1.13 Sprint firmware) and Sprint 700p (1.08 firmware) and am using the Butler key lock - but I don't think that makes any difference as the keylock is inactive at this point.
    Last edited by HandyDJs.com; 02/15/2007 at 10:16 AM.

    Sprint Pre & Motorola H300 BT headset

    Dead devices: Palm Pro; Palm III; Treo 600, 650, 700p, 755p; Centro
    Yes, I finally updated my tagline!
  7. #7  
    I checked also while the device was actually calling my other cell phone and was able to obtain information; however, I could not activate any applications or defeat the security any further than this. This with TealLock 6.

    Ben
  8. #8  
    I still cannot get into the find screen, either in an active call or from the emergency call screen. I am curious now as to why (with no intentions of hard resetting to find out).

    EDIT: Oh! I think I know. Maybe Genius?
  9. #9  
    Yup, Genius can save you

    AGGHHH!!! People can see what I have spent in my checking application!
  10. #10  
    This is not 700P only, therefore I posted in General chat today.
  11. #11  
    I have created a little fix that prevents the find key from working when the device is locked. I will post it soon.

    I tested it on my 700p, so it should work on the 650 and 680.
  12. #12  
    Ok, this is the first build.

    I have tested it on a Verizon Treo 700p and it works.

    PLEASE: Back up your device before installing. I take no responsibility for any loss of data. This is provided without warranty.
    Attached Files Attached Files
  13. #13  
    Guinea Pig #1 reporting in:

    Sprint Treo 700P, can no longer initiate the find feature now when the phone is "woke up" by a phone call.

    What else do I test?

    Thanks dkirker!!!!!!!!!!!!!!!!
  14. #14  
    No problem!!

    Try going into the Emergency Call screen when the device is locked.

    Also, try to make sure that you can access the find feature when the device is unlocked.

    Repeat this a few times in various orders.

    Also, keep an eye out for any issues that may have now come up. The fix should not have created any issues, but I do have to listen for a few internal things (key presses and the lock broadcast).

    Also, watch for any major performance hits.
  15. #15  
    Quote Originally Posted by dkirker View Post
    No problem!!

    Try going into the Emergency Call screen when the device is locked.
    Check -- cannot open find

    Also, try to make sure that you can access the find feature when the device is unlocked.
    Check -- works as before

    Repeat this a few times in various orders.
    Have done, will do more


    Also, keep an eye out for any issues that may have now come up. The fix should not have created any issues, but I do have to listen for a few internal things (key presses and the lock broadcast).

    Also, watch for any major performance hits.
    None so far.
    Cheers, Perry.
  16. #16  
    I have also tested this with Genius (which traps the find key when the device is locked anyway), and there are no issues.
  17. #17  
    As a note, I have not tested for this yet, but if you have a "locker" application, it might be worth locking this application into the dbcache.
  18. #18  
    LOL

    Ya know --after reading that post, I now know what you are talking about, but untill this moment I had no idea that could be done. I assume locking a .prc into dbcache protects it some how and I also assume that clearing the dbcache will have no effect on such a locked file . . . . . .

    As you can guess -- I have no such "locker" program.

    Cheers, Perry.
  19. #19  
    You should be fine. My only concern is on devices where they automatically flush the dbcache. It *may* flush out the fix, then either making the device unstable or vulnerable. I have not tested this, yet.
  20. #20  
    I have Blazer set to flush the cache on exit. . . . should I change this?

    EDIT: I have been in and out of Blazer twice now and the fix stays in place. . . . .


    Should the find function be accessible from Blazer?
    If it should, it is now not, but I have never tried it from Blazer before . . . . .

    Hmm. . . . find no longer accessible from anything. . . .
    Soft reset . . . .no good
    Using FileZ to delete the fix file. . . .
    Find now working
    Yes, it is accessible from Blazer!

    I can re-install and try some other things. . . .
    Any ideas?

    Reinstalled via the hotsync process -- and now cannot open find anywhere. . .
    deleted the fix file again and find is back . . . .

    Suggestions?
    Last edited by gtwo; 02/15/2007 at 07:22 PM.
Page 1 of 3 123 LastLast

Posting Permissions