Zaurus Bugs Put Corporate Networks at Risk
Page 1 of 1
Researchers at Syracuse University have found multiple bugs in Sharp's Zaurus SL-5000D and SL-5500 handheld devices that puts corporate networks at risk.
A warning from the school's Center for Systems Assurance said the bugs would allow a remote attacker to take full control of the Zaurus file system, including the ability to overwrite files and/or programs with Trojans.
The researchers also found a second vulnerability that affects the Zaurus passcode function, which locks the Zaurus so that no data can be input via the keypad and touch screen.
The suspect handhelds use FTP for synching operations and the SU team found that the FTP daemon on both Zaurus units was built into QPE, the default windowing system for the units, on port 4242. The daemon binds to all network interfaces on the Zaurus, including any wireless network or PPP interfaces.
The screen-locking passwords are stored in the file /home/root/Settings/Security.conf and the security alert noted that the passcode program uses the same salt value every time the passcode is set: A0. "Knowing this, a cracker can generate a passcode table approximately 4G in size, which can be used to look up the passcode given the file Security.conf," it warned.
It said Sharp's support team had been notified of both vulnerabilities and promised a fix. In the meantime, the school's researchers urged Zaurus users who use ethernet or PPP to attach to a network to either discontinue use of QPE or place themselves behind a firewall until a patch for QPE is released.