Update: I was just kindly informed that Palm does indeed intend on also updating the Verizon version of the 700p in addition to the Sprint 700p. In other words, all of the currently-made PalmOS Treos will be receiving the security update. Thanks to Marlene Somsak for the note. This story has been modified to reflect this information.
As TreoCentral reported last week, Infoworld has uncovered what some consider to be a significant security flaw in PalmOS Treos. At issue is the "Find" feature, which in some cases can be used to bypass the PalmOS's built-in security features. In our original story, we noted how TreoCentral forum member dkirker created a stopgap patch that disabled the find button in some situations.
Yesterday, Marlene Somsak, Palm's VP of Communications, contacted InfoWorld - the site that originally broke the story. According to this story, Palm intends the address the security issue on some, but not all PalmOS Treos. Specifically, Somsak cited the Cingular Treo 680 and the Treo 700p.
As for the older Treo 650 and the even-older Treo 600, signs are much murkier. Said Somsak, "Palm has already done the revs they planned on the other products and hadn't planned to do more." This is not too surprising, given that Palm needs to keep their development focused on future products and innovation. On the other hand, it seems odd that whatever work is required to patch the 700p and the 680 wouldn't be easily applied to other PalmOS Treo models. It's not an impossibility, however, as InfoWorld notes "research is ongoing."
Perhaps the most surprising thing is that this security hole took so long to be noticed by not only Palm but also by the Treo community. Now that we have noticed it, it looks as though both Palm and the community are responding to it with as much haste as they can. Jennifer Chappel's article on the original security leak contains a couple of options PalmOS Treo owners can have for securing their Treos. Since the security breach requires you to have physical access to the Treo, probably your best "security option" is the same as it's always been: Don't lose your Treo.
