“The webOS SMS client wasn’t performing input/output validation on any SMS messages sent to the handset,” the security company said. “This leads to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a webOS application, the attacks made possible were quite dangerous (especially considering they could be delivered over a SMS message).”
The “good” news is that this vulnerability is only applicable for webOS 1.3.5, and many U.S. users should already be on 1.4. Still, the mobile security firm was very harsh on Palm:
We understand, of course, that there are a number of competing interests that go into the development of a new mobile platform … However, we feel that Palm put almost no thought into security during their development of webOS. All of the low hanging fruit discovered should have been identified in the most basic of threat models, which should have been performed during the very early development stages of webOS, way before any code was written.
Wow. I’m not a security nut by any measures but a widespread attack on mobile phones could set this industry back a long time, so you need to get your game together Palm! At least if the company gets acquired, it will have more resources to focus on security. Check out the video below to see how easy it is to crack webOS.
Sell Your Old Cell Phone for Cash
Select your device below to begin:
Buy a New Cell Phone
Best Sellers from AT&T
New Releases from AT&T
See all cell phones from AT&T
Best Sellers from Sprint
New Releases from Sprint
See all cell phones from Sprint
Best Sellers from Verizon
New Releases from Verizon
See all cell phones from Verizon