Slashdot Mirror

← Back to Stories (view on slashdot.org)

Palm WebOS Hacked Via SMS Messages

Posted by Soulskill on Monday April 19, 2010 @05:26AM from the and-a-sausage dept.

gondaba writes "Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message)."

4 of 99 comments (clear)

Min score:

Reason:

Sort:

Anonymous Coward by Anonymous Coward · 2010-04-19 05:43 · Score: 2, Informative

This has been fixed with the 1.4 update, not sure why it's news.
Re:WebOS 1.4 by X0563511 · 2010-04-19 06:04 · Score: 4, Informative

1.4 explicitly fixed these issues.

--
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
Re:Intrepidus are straight up losers. by zullnero · 2010-04-19 06:59 · Score: 2, Informative

Oh, darn it. Slashdot's login script didn't execute in time for me to post this as myself.
Nohing to see here, please move along by loftwyr · 2010-04-19 08:35 · Score: 2, Informative

From the source release:
(Note: the findings herein affect WebOS 1.3.5. Palm has since released WebOS 1.4, which fixes these vulnerabilities, though not all handsets or carriers are running this version. Due to contractual agreements, the public disclosure of this information was delayed.)