SHARP Customer Care Bulletin
Open FTP Access on SL-5500 and SL-5000D

This page describes a potential security risk when the Zaurus unit is
connected to a LAN.
Document number: 001
Date posted: 8/5/2002
Affected products: SL-5500, SL-5000D
Affected system software: ROM Version 2.37 or earlier
Problem

The Zaurus uses a protocol similar to FTP when performing synchronization
over the serial or USB cable. If the Zaurus is connected to a network, a
person connected to the same network could also access the Zaurus using the
FTP service, resulting in a possible security risk.
The security risk only applies when all of the following conditions exist:

- The Zaurus must be connected to a network using a CF 802.11b, CF LAN,
  or CF 56K v.90 modem. Any Zaurus unit that is not connected to a network
  (for example, only attached to a PC) will not be exposed.
- The attacker must have access to the same network that the Zaurus is
  connected to. A Zaurus connected to the Internet via an ISP is not at risk
  from others connected to the Internet.
- The attacker must be an advanced networking user able to determine the
  Zaurus IP address and ports used for FTP service.
- The attacker must have an advanced understanding of the synchronization
  protocol used by the Zaurus.

Solution

Sharp has an updated System ROM which only allows external access for
synchronization with a PC, and restricts all other external access. This
update will restrict access from other network devices while still allowing
the Zaurus network access (Internet and email).
The System ROM update can be downloaded from www.myZaurus.com.