Next: Acknowledgments
Up: Security Analysis of the
Previous: Recommendations
In this paper, we analyzed the design of the Palm OS and hardware platform with respect to data storage issues, improper security design, and malicious code threats. Vulnerable and at-risk areas were identified that could be taken advantage of for such attacks. It has been pointed out that a variety of problems exist that can be exploited at both the operating system and hardware levels. Specific changes to Palm OS and its associated hardware were recommended and would be required to begin to properly implement preventive measures.
For solutions, it becomes apparent that implementing layer-based access control may be necessary, so that the application level can communicate only with the operating system. In turn, the same access control mechanisms would allow only the operating system to communicate with the hardware. The current design of the Palm OS software and hardware is not laid out in this fashion. As a result, many of the attacks discussed in this paper remain extremely difficult to defend against with third-party software running at the application layer. If future versions of Palm OS allow third-party applications to run multi-threaded, anti-virus applications could essentially run in the "background" and use monitoring techniques that have proven useful in desktop environments. Additionally, it may be possible to emulate a virtual machine that provides integrity and memory protection. Virtual memory areas of RAM used during cryptographic operations can be encrypted, in a manner similar to [24], to protect temporarily stored plaintext.
The cryptographic code signing of applications has been used in many ActiveX scripts and Java applets for a number of years. Portable devices should employ such methods to verify the integrity of trusted applications. Ideally, the code signing routines and resultant signatures would be stored in ROM along with the Certificate Authority (CA) public key of the product vendor. It may be possible to store signatures in Secure Digital (SD) external memory cards (which are planned to be designed into Palm OS devices in late 2001) or Handspring's Springboard modules.
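The verify-before-load gate sketched above, as an added example that is not code from the paper or from Palm: the vendor's public key stands in for the CA key held in ROM, a signature accompanies each application image, and the loader refuses anything that fails the check. Textbook RSA over a SHA-256 digest (no padding) is used only to keep the example self-contained; key size, image bytes and function names are all constructed for the demo.

```python
import hashlib
import random

# Constructed demo. Plain "hash then RSA" with no padding is NOT a safe
# signature scheme; a shipping device would use a padded scheme from a
# vetted library. The flow (ROM-held vendor key, signature checked before
# any code is loaded) is the point being illustrated.

def _is_probable_prime(n, rounds=16):
    """Miller-Rabin probabilistic primality test."""
    if n < 4:
        return n in (2, 3)
    if n % 2 == 0:
        return False
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(random.randrange(2, n - 1), d, n)
        if x in (1, n - 1):
            continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def _random_prime(bits):
    while True:
        cand = random.getrandbits(bits) | (1 << (bits - 1)) | 1  # fixed length, odd
        if _is_probable_prime(cand):
            return cand

def generate_vendor_keypair(bits=512):
    """Return ((n, e), (n, d)); the public half is what ROM would hold."""
    e = 65537
    while True:
        p, q = _random_prime(bits // 2), _random_prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and phi % e:      # e is prime, so this guarantees gcd(e, phi) == 1
            return (p * q, e), (p * q, pow(e, -1, phi))

def _digest_int(image):
    return int.from_bytes(hashlib.sha256(image).digest(), "big")  # < 2**256 < n

def sign_app(image, private):       # done by the vendor, off-device
    n, d = private
    return pow(_digest_int(image), d, n)

def verify_app(image, signature, rom_public):   # done on-device before loading
    n, e = rom_public
    return pow(signature, e, n) == _digest_int(image)

def load_app(image, signature, rom_public):
    if not verify_app(image, signature, rom_public):
        raise PermissionError("signature check failed; refusing to load application")
    return image  # hand-off to the real loader would happen here
```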
In lieu of any operating system upgrades or hardware re-designs, there are a number of simple and immediate precautionary measures a user can exercise to reduce the risk of data theft or malicious attacks:
- Be aware of what applications are being loaded onto the portable device. If an application comes from an untrusted source, extra care must be taken. This may entail using an existing anti-virus package on the PC to scan the file for known threats or testing the application functionality on a spare device.
- Monitor the HotSync Log and Last HotSync Operation date to verify that there were no unauthorized HotSync operations performed.
- Disable the "Beam Receive" functionality in the System Preferences panel. Enable this feature only when necessary. This prevents anyone from beaming information to the Palm OS device.
- Be aware of the physical location of your Palm device at all times. Attaching a belt clip or lanyard will reduce loss, misplacement, or theft.
Because Palm OS devices account for the majority of the PDA market, it is hoped that the research in this paper is used to create a more secure computing environment in the short term. It is also hoped that the analyses and ideas provided in this paper will be used in future work to design more secure products.
In their current state, caution should be taken when employing portable devices for security purposes. In a War College-style approach, the authors believe that often the simple knowledge of a vulnerable area is enough to steer the user toward more security-conscious use.
Kingpin
2001-05-09