Check out the new USENIX Web site. next up previous
Next: Recommendations Up: Infection Techniques Previous: Infection Techniques


Application Installation Procedure

The current installation procedure for loading third-party applications onto a Palm OS device is simplistic in nature and was not designed with security in mind. The Install Tool, provided with the Palm Desktop software, copies the desired application into the /Palm/<user>/Install directory on the desktop PC. Upon the next HotSync operation, the contents in this directory are automatically loaded onto the Palm OS device. This is one example of cross-architecture pollination as the virus effectively transfers itself to the new platform.

No confirmation or authentication mechanisms exist during the HotSync operation. This shows the integrity and security of the host PC as an integral component in this chain of actions. If the host PC is compromised, the PDA can be considered compromised, as well.

Subsections

Kingpin
2001-05-09