Security Analysis of the Palm Operating System and its Weaknesses Against Malicious Code Threats

Portable devices, such as Personal Digital Assis-tants (PDAs), are particularly vulnerable to mali-cious code threats due to their widespread imple-mentation and current lack of a security framework. Although well known in the security industry to be insecure, PDAs are ubiquitous in enterprise envi-ronments and are being used for such applications as one-time-password generation, storage of medi-cal and company confidential information, and e-commerce. It is not enough to assume all users are conscious of computer security and it is crucial to understand the risks of using portable devices in a security infrastructure. Furthermore, it is not pos-sible to employ a secure application on top of an insecure foundation.

Palm operating system (OS) devices own nearly 80 percent of the global handheld computing mar-ket [11]. It is because of this that the design of the Palm OS and its supporting hardware platform were analyzed. The presented research provides detail into specific scenarios, weaknesses, and mitigation recommendations related to data protection, ma-licious code, virus storage, and virus propagation. Additionally, this work can be used as a model by users and developers to gain a deeper understanding of the additional security risks that these and other portable devices introduce.