Slashdot Mirror

← Back to Stories (view on slashdot.org)

Palm WebOS Hacked Via SMS Messages

Posted by Soulskill on Monday April 19, 2010 @05:26AM from the and-a-sausage dept.

gondaba writes "Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message)."

3 of 99 comments (clear)

Min score:

Reason:

Sort:

WebOS 1.4 by spiderbitendeath · 2010-04-19 05:41 · Score: 5, Interesting

My Pre is running the latest 1.4.1.1 WebOS version. I tried their "exploits" on it, it did nothing, had no affect on it. In the video they're running an outdated version of WebOS, 1.3.5. WebOS will download updates OTA automatically, and install them if you don't do it after a certain number of days. To me, the likeliness of these still being issues is close to null and void.

--
Sometimes when I'm working on projects things disappear, I suspect gremlins.
Re:Wow by teknopurge · 2010-04-19 06:59 · Score: 3, Interesting

There was an SMS exploit for a version of iPhone OS that would brick it, and just checking with a few people there are some nasty 0-days out there for it. At least you can't turn the Palm into a paperweight from 10,000 miles away...

--
Website Hosting
WebOS does display sanitization by default by ensignyu · 2010-04-19 07:00 · Score: 4, Interesting

You have to explicitly enable the "I know what I'm doing, stop protecting me" flag in your app to allow these types of exploits.
http://developer.palm.com/index.php?option=com_content&view=article&id=1756