

Register Manipulation

While attacks using the Palm OS API are a major threat, lack of compartmentalization in the operating system allows the user to target the underlying hardware controlling the device. The DragonBall allows direct control of its registers via memory-mapping. Direct control of these registers allows an attacker to control many low-level aspects of device operation. An application simply has to define a pointer to the specific memory location representing the target register.
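As an added example (not code from the paper), a defender reviewing a Palm OS application could flag 32-bit constants in its code that point into the memory-mapped register window, since that is the pointer an application has to define. The window base and size, the function names and the sample bytes are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* ASSUMPTION: memory-mapped register window of the target CPU. Take the real
   base and size from the processor manual; these values are illustrative. */
#define REG_WINDOW_BASE 0xFFFFF000u
#define REG_WINDOW_SIZE 0x00001000u

/* Read a big-endian 32-bit value (68k byte order). */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

/* Scan a code resource for 32-bit constants that fall inside the register
   window. 68k instructions are word-aligned, so only even offsets are read.
   Stores up to max_hits offsets in hits[] and returns the total found.
   Hits are leads for manual review: -1 (0xFFFFFFFF) also matches. */
size_t scan_register_refs(const uint8_t *code, size_t len,
                          size_t *hits, size_t max_hits) {
    size_t found = 0;
    if (code == NULL || len < 4) return 0;
    for (size_t off = 0; off + 4 <= len; off += 2) {
        /* Unsigned subtraction wraps for values below the base. */
        if ((uint32_t)(be32(code + off) - REG_WINDOW_BASE) < REG_WINDOW_SIZE) {
            if (hits != NULL && found < max_hits) hits[found] = off;
            found++;
        }
    }
    return found;
}

/* Constructed sample: filler words around one constant inside the window. */
static const uint8_t sample_code[] = {
    0x4E, 0x71, 0x20, 0x7C, 0xFF, 0xFF, 0xF0, 0xA0,
    0x4E, 0x75, 0x00, 0x00, 0x12, 0x34
};

/* Offset of the first hit in the constructed sample, or -1 if none. */
long first_sample_hit(void) {
    size_t hit = 0;
    size_t n = scan_register_refs(sample_code, sizeof sample_code, &hit, 1);
    return n ? (long)hit : -1;
}

int main(void) {
    printf("first register-window constant at offset %ld\n", first_sample_hit());
    return 0;
}
```

A raw constant scan does not follow addresses computed at run time, so a clean result does not prove that an application leaves the registers alone.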

By examining the DragonBall registers, we have determined particular registers that, when improperly modified, can lead to disruptive events or physical damage to the Palm OS device. Our theorized effects are listed in Table 3. It should be noted that while these examples focus on the DragonBall processor, other embedded microprocessors exhibit similar vulnerabilities. These attacks are comparable to those in the desktop computer environment, in which malicious programs would change the synchronization rate of a monitor or over-drive and manipulate hard drive heads.

Table 3: Selected registers and theorized effects of improper modification

| Register(s) | Potential Effects |
|---|---|
| Phase-Locked Loop (PLL) Control; Power Control | System can be halted. |
| Group-Base Address; Group-Base Address Mask; Chip-Select | Corrupted memory maps making code and data fetches impossible. |
| LCD Controller Module | Affect LCD functionality. It may be possible to cause LCD hardware damage by modifying the refresh frequency or by improper power cycling. |




Kingpin
2001-05-09