Palm Treos ring up security flaws

Three versions of the smart phone carry vulnerabilities that could allow access to data even when the device is locked.

Dawn Kawamoto Former Staff writer, CNET News

Dawn Kawamoto covered enterprise security and financial news relating to technology for CNET News.

Dawn Kawamoto

Feb. 16, 2007 11:58 a.m. PT

Some versions of the Palm Treo carry security flaws that could allow a person in possession of the device to access data even when the handheld is locked, Symantec has warned.

The Palm Treo models 700p, 680 and 650 contain the security flaws, according to an advisory on Wednesday from Symantec's SecurityFocus Web site.

The vulnerabilities concern the way data is accessed on the Treo. They could allow anyone in possession of the device to use the "find" feature to locate data, even if the Treo is locked, according to a posting on the SANS Institute's Internet Storm site.

Palm has yet to release a fix to address the problem, SANS noted.

Palm said Friday it is working on a software update that addresses the security flaws on the Palm Treo models 700p and 680. The company said it is investigating "possible solutions" for the Palm Treo 650.

Palm, however, issued no specific timeline for when these updates would be available.