Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Hmmmm, I've read with interest the threads where people keep pointing out that the Visors all do not have Flash ROM.

I was thinking about viruses and I came to a pretty scary thought on the issue of Palm viruses and FlashROM.

It's so scary that I even hesitate to mention it for fear that it might one day come to pass.

You see, the availability of FlashROM itself is I think a liability rather than an asset when it comes to viruses.

We are all aware that there is such a thing as a program (like FlashPro, for example) that is able to access the FlashROM of a Palm so that you can use it to make more space for your Palm by storing apps on your FlashROM rather than on the RAM.

My thought is this: what's to stop a particularly malicious virus maker from making a Palm virus that takes advantage of the FlashROM and stores itself on the FlashROM of the Palm (or even erasing the PalmOS totally), making the whole device totally unusuable?

In a way, Visors are protected from this kind of virus because we just do not have flashROM.

I think it's a really scary thought, though and one of the major security holes of the Palm.

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:

---

Originally posted by Tan Kit Hoong

My thought is this: what's to stop a particularly malicious virus maker from making a Palm virus that ... stores itself on the FlashROM

---

__________________
Jeff

Registered: Sep 1999
Location: Texan in Calgary for a while
Posts: 1361

Hmm, PCs today have Flash BIOS, essentially the same thing. I suppose that it is possible, but by the same token someone could write a virus that uploads itself to a Springboard module's flash memory. It would take a lot of work though.

__________________
James Hromadka
Old Friend

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

I'm talking about the EEPROM, PDAENVY - for example, the Palm Vx has 2MBs worth of EEPROM where the actual OS and default apps are stored.

This is flashable like when you do an OS upgrade to OS3.5 from OS3.1.

However, with a program like FlashPro, you CAN actually have access to the EEPROM to store apps (and it works similar to the FileMover, except that instead of moving file from RAM to SpringBoard module, it moves it right into the EEPROM) - out of the 2MBs of flash EEPROM (different from the 8MBs of RAM) on the Palm Vx, there is still about 800K that is free. With programs like FlashPro (from TRG), you can actually store apps right on the EEPROM. Some people have actually flashed DateBk4 into this space. Yes, since it is stored on the EEPROM, a hard reset WILL NOT clear the DateBk 4 that's been flashed into the it.

I have personally used FlashPro to do this and have even deleted some built-in Palm apps from the ROM, like the "Welcome" app for example.

Therefore, by the same extension, if I modified FlashPro a little bit, added some malicious code into it and disguised it as, say, a game, then the next time you install it on your Palm Vx and click on it, it could conceivably start a process which will write the malicious code right into your EEPROM, causing havoc with the Palm which even a hard reset could not cure.

JackFlash is also another application that can access the Palm's flashable EEPROM: http://www.palmgear.com/software/sh...cfm?prodID=5347

FlashPro : http://www.palmgear.com/software/sh...amp;prodID=2611

Check out the documentation. I've given this a lot of thought and I think it's entirely possible and quite scary if you are a Palm Vx, Palm IIIc, Palm IIIxe or TRGPro owner.

[Edited by Tan Kit Hoong on 11-28-2000 at 09:45 AM]

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:

---

Originally posted by Tan Kit Hoong
... for example, the Palm Vx has 2MBs worth of EEPROM where the actual OS and default apps are stored.

This is flashable like when you do an OS upgrade to OS3.5 from OS3.1.

...Therefore, by the same extension, if I modified FlashPro a little bit, ... , then the next time you install it on your Palm Vx and click on it, it could conceivably start a process which will write the malicious code right into your EEPROM, causing havoc with the Palm which even a hard reset could not cure.

[Edited by Tan Kit Hoong on 11-28-2000 at 09:40 AM]

---

Is the entire OS in EEPROM, or is some of it in regular ROM?

quote:

---

some have flashable ROM (actually EEPROM). ... the flashable rom is clearable ... by leaving the batteries out long enough

---

I can't believe I said this. The whole point of EEPROM is to be independant of batteries. And while it might be feasible to make a hard reset also zero the EEPROM, no vendor would do it because it would blow away the OS patches stored there.

Chalk another one up to lack of coffee and condescending computer engineer attitude! Sorry.

__________________
Jeff

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Since an upgrade from OS3.1 to OS3.5 is quite a complete makeover, I believe the whole OS and default apps are stored on the EEPROM.

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Registered: Sep 1999
Location: San Francisco, CA
Posts: 431

quote:

---

Originally posted by PDAENVY
...

quote:

---

... (or even erasing the PalmOS totally), making the whole device totally unusuable?

---

This is not possible. All PalmOS PDAs have non-destructable ROM and some have flashable ROM (actually EEPROM). No virus can harm the ROM, and the flashable rom is clearable with a hard reset or by leaving the batteries out long enough.

---

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:

---

Originally posted by Tan Kit Hoong
Since an upgrade from OS3.1 to OS3.5 is quite a complete makeover, I believe the whole OS and default apps are stored on the EEPROM.

---

__________________
Jeff

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Yes, PDAENVY, but I see three possible ways that a virus could ensure it cannot be removed once on the EEPROM:

1. The virus could cause your Palm to go into a continuous reset loop, thereby making HotSync and beaming of a cure impossible.
2. If a virus clears the OS, the machine might be totally unusable as the neccesary software for HotSynching won't be there.
3. At the least, a ROM virus could easily disable HotSync and beaming so that you cannot install any more programs.

In this case, there are only two ways to possibly fix this:

1. You already have an antivirus program that was on your Palm and it detected it and removed it before it could do any damage.
2. If not, and the damage is already done, then the only way would be to remove the EEPROM and re-flash it with a clean OS, using professional equipment (much as some motherboard BIOSs can be flashed once, say, infecetd by the CIH virus)

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Registered: Sep 2000
Location: Nazareth, PA
Posts: 99

I think a few things need to be cleared up.
1. Your entire OS and the included apps are stored on the EEPROM.
2. When you have a major OS update like 3.1 to 3.5 the OS and all the apps are over written by the newer version, the old OS no longer exists on the device.
3. The extra memory on the EEPROM is for future expansion. ie. the newer OS's and built in apps may take up more memory.
4. Programs like JackFlash take advantage of this and let you store apps in there so you won't lose info when your battery goes dead.
5. The possibility exists that an app could be made to format the EEPROM so that nothing on it is left. Which means there is no program to hotsync or beam the OS back onto the device.
6. The Visors are immune to this problem because there OS and built-in apps reside on a regular ROM chip wich can to be written to.
7. The only way to fix a palm with a formatted EEPROM would be to flash it using equipment at palms manufacturing plant or replacing the EEPROM.

__________________
http://signature.coola.com/[email protected]

Registered: Dec 1999
Location: Kuala Lumpur
Posts: 247

Back to my original intent in starting this thread - scary isn't it?

Yes, and our Visors are protected from these kinds of viruses at least, and Visor owners can be confident that a hard reset will effectively get rid of any viruses

__________________
Tan Kit Hoong,
Star Publications (M) Ltd
<img src="http://thestar.com.my/tech/images/thestar_140x45.gif">

Registered: Dec 2000
Location:
Posts: 24

Reading this post has reminded me of a program I saw for the TI-89 graphing calculator. The calculator ahs a Flashable rom for OS upgrades and the OS itslef allows you to 'archive' files by flashing them to the chip and removing them from ram. Someone wrote a program that continually flashed a file again and again. The claim was that this process, if left going for a great enough amount of time, would destroy the ROM chip or at least render the calculator inoperable in some way. I can't confirm this, of course (why would I try this???) but it seems interesting and possible that a Palm's chip could be harmed or the OS deleted in some way.

Registered: Nov 1999
Location: Ann Arbor, Michigan USA
Posts: 790

quote:

---

Originally posted by Fagan
...Someone wrote a program that continually flashed a file again and again. The claim was that this process, if left going for a great enough amount of time, would destroy the ROM chip or at least render the calculator inoperable in some way. I can't confirm this, of course (why would I try this???) but it seems interesting and possible that a Palm's chip could be harmed or the OS deleted in some way.

---

Certainly a flash chip has a MTBF. Depending on how long it takes to flash and how long the loop is left running, it should be possible to burn it out.

__________________
Jeff

Registered: Feb 2001
Location:
Posts: 447

quote:

---

Originally posted by Tan Kit Hoong
If not, and the damage is already done, then the only way would be to remove the EEPROM and re-flash it with a clean OS, using professional equipment (much as some motherboard BIOSs can be flashed once, say, infecetd by the CIH virus)

---

Registered: May 2000
Location: St. Paul, MN
Posts: 1429

AS I have heard, EEPROM is only rated for liek 10,000 rewritings. While that is enough for normal use of certin things. You can't store things like varibles on it, because it would eventually die. THAT TI program is real MY friend got it on his 83+, I feel sorry for him

__________________
-miradu