17.03.2001
Asynchrony Addresses Recently Publicized Palm OS(r) 'System Lockout' Security Hole With Enhanced Version of PDABomb(TM) Security Software
PDABomb Version 1.1 Utilizes Multi-Layered Security Functionality To Address Recently Publicized Palm OS "System Lockout" Security Hole.
ST. LOUIS (March 15, 2001) - Asynchrony today released version 1.1 of PDABomb, the preeminent PDA security application, which includes new features designed to enhance security and increase ease of use.
To combat the recently reported "system lockout" security hole in current versions of the Palm OS, PDABomb utilizes an exclusive multi-layered approach to security, including encryption, automated memory bit-wipe upon attempted security breaches, and disabling of any data transfer mechanisms such as HotSync and the IrDA port when the device is turned off and locked.
"The system lockout backdoor is a non-issue for most Palm OS owners," said Gordon Clyne, security product manager at Palm, Inc. "A potential data thief would need extensive knowledge of the Palm OS to take advantage of the system lockout functionality to compromise data integrity. However, for those users with exceptional security requirements, PDABomb's multi-layered approach including erasing and regenerating the encryption key should satisfy the most security-minded enterprises."
New features in version 1.1 include:
- The "Delay AutoLock" option allows users to set a time delay after their device powers off and before PDABomb locks their device and encrypts the data. This saves the time and inconvenience of entering a password in the middle of a meeting, on a conference call, or in other similar situations.
- The program can optionally be set to bit-wipe the PDA if the device is not HotSynced within a user-specified amount of time. This option can erase all information before a thief can attempt to defeat the other security measures.
- Users have the option to display user information contained in the owner preferences so that if the device is lost the finder knows where to return the unit. "PDABomb puts up a gauntlet of multi-layered protection to thwart potential data thieves," said Nate McKie, chief technology officer at Asynchrony. "For example, from the moment a PDA is lost or stolen, a time bomb is ticking that will completely erase all data when the clock runs out or upon a specified number of incorrect password attempts."
In most cases, a would-be data thief will inadvertently erase the data through brute force attempts at breaking the password, or through the "time bomb" going off. To stop more sophisticated intrusion attempts, PDABomb encrypts the password and erases the encryption key from the device after the unit is locked and regenerates it only after the password is entered correctly.
PDABomb currently offers two levels of encryption in its standard version and can easily integrate third-party algorithms, including military-grade encryption.
"With the support of Asynchrony's unique collaborative development community, PDABomb will continue to rapidly add enhancements and respond to feedback from both our commercial and governmental clients," said Asynchrony president Bob Elfanbaum. "PDABomb will continue to lead the industry in its sophisticated approach to Palm OS security."
For more information about PDABomb, visit www.pdabomb.com
