[ale] palm pilots and unattended PCs

hirsch at zapmedia.com hirsch at zapmedia.com
Thu Sep 14 21:30:29 EDT 2000 

I just read this article in comp.risks.  It points out that you can
still sync your palm, even if your NT machine is locked and password
protected.  I bet thet Linux has the same problem, though I haven't
tested it.  It's an interesting security whole.  

Does anyone know of a "secure xlock" which will not only keep users
out of your X session, but also lock the various ports?  It sounds
like a somewhat tricky problem.

--Michael

From: rubin at research.att.com (Avi Rubin)
To: ale at ale.org
Subject: Windows NT/2000 "Lock Computer" allows palm sync
Date: Fri, 8 Sep 2000 15:03:39 GMT

In Windows NT and 2000, you can hit Alt-Ctr-Del, and one of the options is
to lock the computer. Then, a password is required to unlock it. A reboot
also requires a password to log in, so it would seem that this is a pretty
safe state to leave your computer in when stepping away from your desk.

The other day, I pushed the button to sync my palm pilot, and it worked.
Then I realized that I had locked my computer. I did some testing on Windows
NT and 2000, and apparently, the Palm synchronization always works when the
computer is locked.

There are several risks/attacks:

- I take a blank palm pilot to your computer, which is locked, and I
  sync with it and copy all of your palm pilot data. Many people keep
  a master list of accounts and passwords on their pilot, among other
  valuable/sensitive data.

- In a more malicious version of the previous attack, I sync all your
  palm data. Then, I zero out the contents of each record in every database.
  Then I sync again. The result is very likely that I will delete all of the
  data on the PC, and that the next time you sync, all of the data will
  be deleted on the palm. I know of a case where this "attack" worked in 
  practice, by accident.

- I write a palm hack that does whatever I want it to do to your data. I then
  sync with your PC, and the hack gets copied to your pilot desktop. The next
  time you sync, the hack is installed on the palm.

I am sure there are other attacks that I haven't thought of.  Anyway, I think
that if Windows NT/2000 is going to have an option to lock the computer, it
must make access to something as important as all of the Palm Pilot
databases inaccessible. Perhaps turn off access to the serial port, USB,
port, etc, and not just the keyboard.

Avi   http://avirubin.com/
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.

More information about the Ale mailing list