Infrared

For point-to-point, close quarters communications, infrared is typically the model of choice. In a standard IR beaming session, the Palm OS will send a sysAppLaunchCmdExgAskUser launch code to the receiving application. Typically, applications do not have custom handlers for this launch code, in which case the default response is to present the user with a dialog box prompting for acceptance or rejection of the request. If, however, the application handles the launch code, as detailed in §8.1, and sets the result flag to exgAskOk, the application will send a sysAppLaunchCmdExgReceiveData launch code and always receive the incoming data without displaying a dialog box or requiring user intervention.

Using the Exchange Manager functionality in this manner, it is trivial to transmit and receive applications and data over the infrared communications channel. With collusion on the receiving end, as would be possible with an infected system, IR functionality creates a viable conduit for propagation of virus and other malicious applications.

The scenario of beaming business cards at conventions comes quickly to mind as a potential hostile environment that previously might not have been considered as such. Consider a scenario where an adversary, posing as a conference attendee, beams malicious code or other payload, in the form of a business card object, to another individual. The malicious code could then spread from this individual to trusted parties during seemingly innocuous business card transfers.