Palm Virii-Transferring On A Beam Near You?

byronne asks: "There is a completely uncharted virus distribution exploit available on Palm platforms that I've been wondering about for several months, namely, 'beaming.' By default, a Palm device's beam receive via infrared is set to on, or always ready to receive. If one were to write a piece of replicating code that ran in the OS as a hack, constantly 'beaming' copies of itself out the infrared port, you might have a significant problem at hand, especially if that code were malicious. Has anyone heard or read about this possibility?" It's possible, but the code needs to be executed. I'm not quite familiar enough with the Palm to know if this is possible once it's been "beamed."

"Picture this scenario: You're at a Comdex or other high tech tradeshow where practically every tek-head is carrying around their palm pilot. At intervals, a palm device infected with replicating code beams itself out. Nine times out of 10, it may not find a recipient, but when it does, that recipient becomes a carrier. This has nothing to do with e-mail, trojan horses or file infections; it would be the first true 'airborn' virus - similar to a biological virus. So now there are two carriers beaming around this trade show - obviously this has geometrically exponential possibilities of spreading, in theory. I haven't seen any coverage of this in the media at all, but it's my opinion that it's only a matter of time before we will need to address this. For example, Symantec developing an antivirus palm app is a step in the right direction, but it's probably pretty important to keep all infection methods in mind - not just e-mail."

What's the Plural of `Virus'?

[tiwason]

Well.. since someone posts it on every other /. article mentioning viruses...

Here is Tom Christiansen and his rant on the plural of virus... viruses

http://language.perl.com/misc/virus.html [perl.com]

HP48 had this problem

[Drakino]

I can't remember too many of the details, but the HP48 calculators had 2 different virii for them that both beamed themselves anytime anything was beamed. In theory, a Palm virus could keep trying to beam, but the sudden drop in battery life would probably alert the user. But if the virus attached it's self to any normal beaming activity, it could go undetected for much longer. It would still be a big threat this way, because how many Palm users just beam their info instead of telling it to the other Palm user to type in? Or the users who enjoy beaming the newest game to others...

What about the next step...

[goodEvans]

Forget Palms, what happens when Bluetooth becomes commonplace? For instance, a mobile phone virus that makes the phone ring uncontrollably once it has passed the virus on. Imagine a crowded train platform with a wave of ringing phones going across it...

Not possible to execute

[smcavoy]

As far as I know it is impossible to have a program execute with out activating it. But even before that it would have to be accepted by the user. you could attach a program to another and send that, then have it execute before the other is loaded but still very, very unliky...

The key thing is execution

[Zaffle]

If the binary (virus) isn't executed by the OS/software/user, then the most it can do is sit there and waste space. Ethier the OS/Software/User must execute the binary. Afaik the PalmOS doesn't execute code received via the IR port automagically, so its a non deal(see below).

However, it can be a deal, most virii/worms/trojans require some manual interaction, (eg the user clicking on an attachment, downloading an infected program, etc). On the other hard, due to various software bugs (or inherint design flaws), it is possible for some worm/virii to travel without user intervention util the bug is fixed.

There are two ways to make a virus/worm travel, make it likely the user will run your code (hotpic.jpg.vs or, in the good 'ol viruses, attach to every executable in the system), or to exploit a bug in a piece of software that will make it automatically run your binary.

Back on topic, Palm virii. I suppose (assuming there is no exploitable bug) a virus could just be uploaded, and wait for the user to click it. As is the case with the current trend of viruses. As we know from past experience, users will run almost anything given to them. (Even to the point of downloading a file like hotpic.jpg.vs from gnutella (which doesn't hide the extensions) and then go find it on their HD, and then double click on it!).

So if a virus can transmit itself in the form of an exe/script via email and still be considered a threat, then yup prepare for the media hype this time, as "thousands of business executives at trade shows, conferences, or even just walking down the street are at threat from this new highly dangerous virus" (ugh!).

The easiest defense against email viruses is to filter .exe's, screensavers, and various other scripts at your local mail server. The only ones that can get through after that are document macros, and I'm looking (read: someone write this for me, I don't have the time) for a linux program that can strip macros from word/excel documents. (Oh wouldn't that be nice!).

---

Confirmation required

[sjehay]

This couldn't happen 'secretly', without people knowing about it, because, as soon as the Palm receives a program via infrared it pops up a little dialog box, saying, 'Are you sure you want to accept ?' If you say no, it's deleted, no problem. So you have to confirm that you want to accept the code; then you have to deliberately start it. It would have to work as a trojan, where people think it's a game or something, but even so, most people wouldn't accept a strange application which has been suddenly beamed to them...

Re:Not possible to execute

[bdahlem]

The palm does actually have a backdoor... when it is reset, it runs each application in memory to give it a chance to reinitialize itself. This is why hackmaster can prompt you to reinstall formerly active hacks, for example. This means that a simple reset wouldn't clean up the virus either.

There is still the problem that the palm requires that the user accept any beamed applications, which would give the user plenty of notice that something was going on before the virus was able to start running.

Hotsync could potentially enable the virus

[Drakino]

The way I see a virus working on the Palm would be for it to beam it's self alongside any other data being beamed. It would remain hidden, and be in the system when the user accepted someones information or program. Then when either a reset or hotsync occurs, the virus can then initialize it's self, and then begin to beam it's self with any other data.

Also, this potentially could introduce a new virus for the PC. PayPal is able to install a conduit when it is beamed from another PayPal Palm user and that Palm that recieved the beam is then Hotsynced.

The possibilites

[Kryptic Knight]

Just think .. you're at a major conference with your team walking round with your pre-infected Palm's. What a nice way to get your advertising onto everyone else's machine. Yeah Ok its not going to be conducive to your companies rep .. or is it?

My simple answer

[Elvii]

I turn beam recieve off. Might save a bit of power, disarms this kind of thing, and also, as someone esle noted, you have to confirm installing what was beamed over under plamos..

Thou this reminds me of something, a UF cartoon, where Stef shows up a some kind of computer show with super-powered IR sender to beam ads to many, many people.. talk about spam. :)

bash: ispell: command not found

maybe

[TexorcisT]

firstly - if you can get it on there, it will begin to run. the prob is getting it on there. palms will auto-receive but require a close proximity for the whole tx/rx and once completed ask for user response to save or no. i don't know whether this can be circumvented.

Re:Confirmation required

[ZvlvLord]

Good day... It is possible for the sending application to disable the popup screen on the receiving device. Standard knowledge if you code for the P OS platform.... Kind regards