Flash Memory

Palm OS devices incorporating non-volatile Flash memory currently use it solely for the storage of the operating system code. Depending on the family of Palm OS device, there remains between 440kB and 824kB of unused memory space.

Utilities exist, such as [27], which make use of the unused memory areas to backup applications and databases. These utilities are OS- and device-specific and use functionality outside of the Palm OS API. This is a perfect example of payload storage and is identical to how a malicious application would utilize Flash memory for such a purpose.

Data could also be stored on the Flash memory outside of the address space that is used by Palm OS, but within the valid memory map as specified in the DragonBall Group-Base Address registers. In doing so, applications running on Palm OS using only API functions will not be able to access nor see the data stored in this region.

Recommendations to minimize the risks of improper Flash memory usage are discussed in §9.3.1.