The Xircom REX6000 PCMCIA PDA can be protected with a PIN code of up to 10 digits. At the highest security level, the PIN must be entered via the touch screen every time the PDA is powered on. After the correct code is entered, all data stored on the PDA is available for access. Memos marked Private require the same PIN code to be entered every time they are accessed. The manual states clearly, "PIN code is to protect the data". The security protection mechanism has been found to be flawed, allowing access to the protected information.
Credit:
The information has been provided by Daniel Jonsson.
The PIN code protection scheme built into the REX6000 PDA makes the secret PIN code useless for protecting any type of data. Using the included REXTOOLS program, the user can copy, paste, and change the PDA information via a computer. REXTOOLS and the REX6000 PDA communicate over a serial (COMx) port. REXTOOLS correctly asks for the PIN code when trying to access the PDA and prevents information from being shown in the program if the PIN code is incorrect. However, the verification of the PIN code is done by the REXTOOLS program, and this is where the scheme is flawed. A serial monitor program listening to the communication between REXTOOLS and the PDA shows that the PDA sends the PIN code to REXTOOLS in clear text after some initial communication, just before REXTOOLS prompts for the PIN code and verifies that the one entered is the same as the one received from the PDA.
In short, every PIN-protected REX6000 PDA can be compromised by starting a serial monitor, connecting to the PDA using REXTOOLS, reading the clear-text PIN code sent from the PDA, and then either entering it when REXTOOLS asks for the PIN code or simply ejecting the PCMCIA REX6000 PDA and entering the PIN code via the touch screen.
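The design error above, host-side PIN verification, is contrasted below with device-side verification in a small model; this is an added example, not code from the advisory, REXTOOLS, or the REX6000. The message names (`HELLO`, `PIN=`, `NONCE=`, `PROOF=`, `READ`), the retry limit, and the HMAC challenge-response are all assumptions chosen for illustration and do not describe the real wire format.

```python
import hashlib, hmac, secrets

class HostVerifiedDevice:
    """Flawed model: the device hands its PIN to the host, which does the comparison."""
    def __init__(self, pin, data):
        self.pin, self.data = pin, data
    def handle(self, msg, wire):
        # The secret leaves the device; reads are modelled as ungated (assumption).
        reply = b"PIN=" + self.pin if msg == b"HELLO" else self.data
        wire.append(reply)          # 'wire' is what a serial monitor would record
        return reply

class DeviceVerifiedDevice:
    """Corrected model: the device checks a challenge-response and limits retries."""
    MAX_TRIES = 3                   # hypothetical lockout threshold
    def __init__(self, pin, data):
        self.pin, self.data = pin, data
        self.nonce, self.tries, self.unlocked = None, 0, False
    def handle(self, msg, wire):
        if msg == b"HELLO":
            self.nonce = secrets.token_bytes(16)
            reply = b"NONCE=" + self.nonce
        elif msg.startswith(b"PROOF=") and self.nonce and self.tries < self.MAX_TRIES:
            expected = hmac.new(self.pin, self.nonce, hashlib.sha256).digest()
            self.unlocked = hmac.compare_digest(msg[6:], expected)
            self.tries = 0 if self.unlocked else self.tries + 1
            self.nonce = None       # each challenge is single-use
            reply = b"OK" if self.unlocked else b"DENIED"
        elif msg == b"READ" and self.unlocked:
            reply = self.data
        else:
            reply = b"DENIED"
        wire.append(reply)
        return reply

def host_proof(pin_entered, nonce_reply):
    """Host side: prove knowledge of the typed PIN without sending the PIN itself."""
    return b"PROOF=" + hmac.new(pin_entered, nonce_reply[6:], hashlib.sha256).digest()

def probe_without_pin(device, pin):
    """Open a session with no PIN; report (PIN seen on wire, data seen on wire)."""
    wire = []
    device.handle(b"HELLO", wire)
    device.handle(b"READ", wire)
    return any(pin in f for f in wire), any(device.data in f for f in wire)
```

A 10-digit PIN has little entropy, so a proof captured from a legitimate session could still be guessed offline; the retry counter only limits online guessing against the device.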