Palm Treo smartphone flaws detected

By

Several versions of the Palm Treo smartphone contain security flaws that could allow anyone who gets hold of it to access the data, even when the device is locked, Symantec has warned.


The vulnerability affects models 650, 680 and 700p, although other versions are also likely to be affected, according to an advisory on the security company’s website.

The flaw allows anyone with access to the phone, to locate the data stored on it by using the “find” feature.

“Palm OS Treo smartphones are susceptible to a local information-disclosure vulnerability because the software fails to properly secure access to certain features when locked,” the posting on Symantec’s security focus website said.

“Successfully exploiting this issue allows attackers with physical access to affected devices to obtain potentially sensitive information. This may aid them in further attacks.”

Jamie Cowper, marketing manager EMEA at PGP Corporation, added: “As more people store sensitive data on smartphones such as the Treo, it is imperative that this information receives the same level of protection as data stored on the corporate network, merely locking the device only creates a false sense of security.

“Companies need to extend their IT security policies to workers’ mobile devices, and encryption should be at the heart of these policies. This remains the only way to ensure that data stays completely protected, even if the devices are lost or stolen.”

Palm has yet to issue a patch for the flaws.
Got a news tip for our journalists? Share it with us anonymously here.
Tags:
detectedflawspalmsecuritysmartphonetreo

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?