[ale] palm pilots and unattended PCs
hirsch at zapmedia.com
hirsch at zapmedia.com
Thu Sep 14 21:30:29 EDT 2000
I just read this article in comp.risks. It points out that you can
still sync your palm, even if your NT machine is locked and password
protected. I bet thet Linux has the same problem, though I haven't
tested it. It's an interesting security whole.
Does anyone know of a "secure xlock" which will not only keep users
out of your X session, but also lock the various ports? It sounds
like a somewhat tricky problem.
--Michael
From: rubin at research.att.com (Avi Rubin)
To: ale at ale.org
Subject: Windows NT/2000 "Lock Computer" allows palm sync
Date: Fri, 8 Sep 2000 15:03:39 GMT
In Windows NT and 2000, you can hit Alt-Ctr-Del, and one of the options is
to lock the computer. Then, a password is required to unlock it. A reboot
also requires a password to log in, so it would seem that this is a pretty
safe state to leave your computer in when stepping away from your desk.
The other day, I pushed the button to sync my palm pilot, and it worked.
Then I realized that I had locked my computer. I did some testing on Windows
NT and 2000, and apparently, the Palm synchronization always works when the
computer is locked.
There are several risks/attacks:
- I take a blank palm pilot to your computer, which is locked, and I
sync with it and copy all of your palm pilot data. Many people keep
a master list of accounts and passwords on their pilot, among other
valuable/sensitive data.
- In a more malicious version of the previous attack, I sync all your
palm data. Then, I zero out the contents of each record in every database.
Then I sync again. The result is very likely that I will delete all of the
data on the PC, and that the next time you sync, all of the data will
be deleted on the palm. I know of a case where this "attack" worked in
practice, by accident.
- I write a palm hack that does whatever I want it to do to your data. I then
sync with your PC, and the hack gets copied to your pilot desktop. The next
time you sync, the hack is installed on the palm.
I am sure there are other attacks that I haven't thought of. Anyway, I think
that if Windows NT/2000 is going to have an option to lock the computer, it
must make access to something as important as all of the Palm Pilot
databases inaccessible. Perhaps turn off access to the serial port, USB,
port, etc, and not just the keyboard.
Avi http://avirubin.com/
--
To unsubscribe: mail majordomo at ale.org with "unsubscribe ale" in message body.
More information about the Ale
mailing list