treocentral.com >> Stories >> Software
Palm to Patch Security hole in "Find" on Treo 680, 700p

Wed Feb 21, 2007 - 9:05 AM EST - By Dieter Bohn


Overview

Update: I was just kindly informed that Palm does indeed intend on also updating the Verizon version of the 700p in addition to the Sprint 700p. In other words, all of the currently-made PalmOS Treos will be receiving the security update. Thanks to Marlene Somsak for the note. This story has been modified to reflect this information.

As TreoCentral reported last week, Infoworld has uncovered what some consider to be a significant security flaw in PalmOS Treos. At issue is the "Find" feature, which in some cases can be used to bypass the PalmOS's built-in security features. In our original story, we noted how TreoCentral forum member dkirker created a stopgap patch that disabled the find button in some situations.

Yesterday, Marlene Somsak, Palm's VP of Communications, contacted InfoWorld - the site that originally broke the story. According to this story, Palm intends the address the security issue on some, but not all PalmOS Treos. Specifically, Somsak cited the Cingular Treo 680 and the Treo 700p.

As for the older Treo 650 and the even-older Treo 600, signs are much murkier. Said Somsak, "Palm has already done the revs they planned on the other products and hadn't planned to do more." This is not too surprising, given that Palm needs to keep their development focused on future products and innovation. On the other hand, it seems odd that whatever work is required to patch the 700p and the 680 wouldn't be easily applied to other PalmOS Treo models. It's not an impossibility, however, as InfoWorld notes "research is ongoing."

Perhaps the most surprising thing is that this security hole took so long to be noticed by not only Palm but also by the Treo community. Now that we have noticed it, it looks as though both Palm and the community are responding to it with as much haste as they can. Jennifer Chappel's article on the original security leak contains a couple of options PalmOS Treo owners can have for securing their Treos. Since the security breach requires you to have physical access to the Treo, probably your best "security option" is the same as it's always been: Don't lose your Treo.




Copyright 1999-2016 TreoCentral. All rights reserved : Terms of Use : Privacy Policy

TREO and TreoCentral are trademarks or registered trademarks of palm, Inc. in the United States and other countries;
the TreoCentral mark and domain name are used under license from palm, Inc.
The views expressed on this website are solely those of the proprietor, or
contributors to the site, and do not necessarily reflect the views of palm, Inc.
Read Merciful by Casey Adolfsson