Feeds

Sharp Linux handheld in double bug alert

Zoinks!

  • alert
  • submit to reddit

Sharp's Linux-based Zaurus handhelds have two security bugs.

The first vulnerability could give a remote attacker full control of the Zaurus filesystem, including the ability to overwrite files and/or programs with trojans.

The Zaurus SLD-50000D and SL-5500 devices are designed for consumers but if used in business, the vulnerabilty supplies a way in to get into corporate systems.

The exploit takes advantage of a lack of authentication in the in-built FTP daemon used to synchronise data between a handheld and a users' PC, according to an advisory by Syracuse University's Center for Systems Assurance.

And there's more.

A second vulnerability affects the Zaurus passcode function, which locks the handheld so that no data can be input via the keypad and touch screen. Passwords are stored on devices in encrypted form, but this code can be broken by a dedicated hacker because of a lack of rigour in the cryptographic processes.

Sharp has been notified about both issues and is working on a fix.

As a workaround to the first problem, users who use Ethernet or PPP to attach to a network should either discontinue use of QPE, the default windowing system for the units, or place themselves behind a firewall until a patch for QPE is released. Fixing the second problem is dependant on Sharp introducing a more robust method of storing the passcode function. ®

Related Stories

iAnywhere Sharp deal gives Linux PDAs boost
Sharp Linux PDA needs apps now!
Sharp launches next-gen Zaurus, promises 3G wireless version

Whitepapers

5 things you didn’t know about cloud backup
IT departments are embracing cloud backup, but there’s a lot you need to know before choosing a service provider. Learn all the critical things you need to know.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.
Rethinking backup and recovery in the modern data center
Combining intelligence, operational analytics, and automation to enable efficient, data-driven IT organizations using the HP ABR approach.
Next gen security for virtualised datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.