Grand Idea Studio

Palm OS Password Lockout Bypass

 

The Palm Operating System (OS) Security application provides “system lockout” functionality in which the Palm device will not be operational until the correct password is entered. The password is also used to protect and hide records by marking them as “Private.” Palm OS contains a backdoor that provides source- and assembly-level debugging of executables and administration of the databases on the physical device.

Although this backdoor is documented for debugging purposes, it can be activated even if the Palm OS lockout functionality is enabled. This allows an unauthorized user to run a number of commands, including, but not limited to, retrieving an encoded form of the system password, obtaining all database and record information on the device, and installing or deleting applications.

Application: Palm OS 3.5.2 and earlier
Severity: Passwords and data can easily be obtained through a backdoor in Palm OS, even if the device is “locked.”

Security Advisory: Palm OS Password Lockout Bypass

Originally published as an @stake Security Advisory.
