Slashdot Mirror


Palm WebOS Hacked Via SMS Messages

gondaba writes "Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message)."

2 of 99 comments (clear)

  1. Wow by coniferous · · Score: 5, Insightful

    I cannot belive that: a) An exploit like this exists. SANITIZE ALL INPUTS! b) It took this long to find. This reminds me a lot of the exploit on android where it acted like all text entered was typed into a terminal.

  2. Re:Lol by jsnipy · · Score: 4, Insightful

    Its more about testing processes as opposed development processes ("coding").

    --
    -- if you mod me down, I will become more powerful than you can possibly imagine