Feeds

Sharp Linux handheld in double bug alert

Zoinks!

  • alert
  • submit to reddit

Sharp's Linux-based Zaurus handhelds have two security bugs.

The first vulnerability could give a remote attacker full control of the Zaurus filesystem, including the ability to overwrite files and/or programs with trojans.

The Zaurus SLD-50000D and SL-5500 devices are designed for consumers but if used in business, the vulnerabilty supplies a way in to get into corporate systems.

The exploit takes advantage of a lack of authentication in the in-built FTP daemon used to synchronise data between a handheld and a users' PC, according to an advisory by Syracuse University's Center for Systems Assurance.

And there's more.

A second vulnerability affects the Zaurus passcode function, which locks the handheld so that no data can be input via the keypad and touch screen. Passwords are stored on devices in encrypted form, but this code can be broken by a dedicated hacker because of a lack of rigour in the cryptographic processes.

Sharp has been notified about both issues and is working on a fix.

As a workaround to the first problem, users who use Ethernet or PPP to attach to a network should either discontinue use of QPE, the default windowing system for the units, or place themselves behind a firewall until a patch for QPE is released. Fixing the second problem is dependant on Sharp introducing a more robust method of storing the passcode function. ®

Related Stories

iAnywhere Sharp deal gives Linux PDAs boost
Sharp Linux PDA needs apps now!
Sharp launches next-gen Zaurus, promises 3G wireless version

Whitepapers

Secure remote control for conventional and virtual desktops
Balancing user privacy and privileged access, in accordance with compliance frameworks and legislation. Evaluating any potential remote control choice.
WIN a very cool portable ZX Spectrum
Win a one-off portable Spectrum built by legendary hardware hacker Ben Heck
Storage capacity and performance optimization at Mizuno USA
Mizuno USA turn to Tegile storage technology to solve both their SAN and backup issues.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
The next step in data security
With recent increased privacy concerns and computers becoming more powerful, the chance of hackers being able to crack smaller-sized RSA keys increases.