Palm Treo's password lock bypassed
As Symantec reports in a security advisory, the lock on smartphones is not always sufficient to prevent an attacker from accessing confidential information. The password lock on Treo smartphones from Palm can apparently be bypassed in order to view confidential information stored on the mobile device. At fault is the Treo's Find function, which can be accessed on locked devices using a specific key combination, and which can be used to search the contents of text messages, memos, calendar entries, tasks, etc. In addition, according to Symantec, the Find function can also be used to open an edit window.
The key combination to call the Find function is, however, only accessible during an incoming call or an outgoing emergency call. However, this does not represent a serious obstacle to an attacker who has a Treo in their possession. According to the security advisory, Palm's Treo 650, Treo 680 and Treo 700p are affected. Palm has been informed of the problem, but, according to Symantec, does not intend to release a patch to fix the vulnerability. According to US media reports however, the company is working on an update for the 700p and 680 models. They are not looking into a solution for the Treo 650. An unofficial patch, which, however, has not been subjected to further testing, is already available from the Treo community website Treocentral.
Users should consider encrypting any sensitive information stored on their device.
- Palm OS Treo Find Feature System Password Bypass, security advisory from Symantec