roger_grimes
Columnist

Update to Treo vulnerability entry

Analysis
Feb 20, 2007 | 2 mins
Data and Information Security, Security

Palm may or may not be fixing your Treo, depending on the model.

Marlene Somsak, VP of Communications for Palm, Inc., emailed and called me concerning the recent Treo vulnerability and my concern over it not being fixed. She is as pleasant as they come. I really enjoyed talking to her, but I didn’t like the answer she had to relay.

She told me that Palm will definitely be fixing the vulnerability in Cingular 680’s and Sprint and Verizon 700p’s in an upcoming “rev”, but all other models will remain unfixed (until they can find a reliable solution, if ever).

Somsak relayed that fixing the bug would require a software patch or ROM fix, both of which “would cause problems to many existing applications.” She continued, “Palm has already done the revs they planned on the other models and hadn’t planned to do more.”

I told her that most other vendors face similar issues (i.e. older products needing unplanned security patches), and almost all still fix the problem.

When I asked if Palm would ever patch other Treo models, she replied that she did not know, and that research is ongoing.

In closing, the Treo bug isn’t that big of a bug. It’s low risk and requires physical access to the Treo. But, yes, I’m truly concerned. Over the last decade or so, I’ve left or lost a few cell phones. The idea that unauthorized people may be able to see my personal information, phone numbers, and other information is disturbing. I even care about personal information, such as my kid’s cell phone numbers, garage door access codes, email addresses, etc.

But it isn’t the thing I find most concerning; it is the corporate attitude that they may or may not offer a fix to a product that is only 2 years old. I think my Treo cost me $600 when brand new. I bought not only a hot new phone, but a phone I figured I could use for a few years before it stopped being supported. As it stands now, it appears to be an unsupported legacy model.

Ah, just my one half cent.


Roger A. Grimes is a contributing editor. Roger holds more than 40 computer certifications and has authored ten books on computer security. He has been fighting malware and malicious hackers since 1987, beginning with disassembling early DOS viruses. He specializes in protecting host computers from hackers and malware, and consults to companies from the Fortune 100 to small businesses. A frequent industry speaker and educator, Roger currently works for KnowBe4 as the Data-Driven Defense Evangelist and is the author of Cryptography Apocalypse.
