All the latest UK technology news, reviews and analysis

Rogue SMS turns Palm Pre into bugging device

by Iain Thomson

More from this author

12 Aug 2010

Be the first to comment

  • Tweet this
Palm Pre
Researchers said they were 'surprised' to find the Pre security lapse

A team at MWR Infosecurity has uncovered a zero-day flaw in the Palm Pre operating system which allows the handset to be used as a bugging device.

Alex Fidgen, director of MWR, told V3.co.uk that a specially crafted text message can subvert Palm's webOS completely.

Further reading

The flaw allows the phone to be used as a recorder and transmitter for anything within its microphone's range.

"You receive a specially crafted business card and, once you open it, game over," said Fidgen. "We were surprised to find the lack of security architecture we needed to exploit in the way that we did."

Palm's security systems do not use sandboxing in this case, unlike the security precautions seen in Google's code, Fidgen explained.

Palm, now part of HP, did not return requests for comment.

MWR also disclosed a flaw in older versions of the cross-platform WebKit layout tool which could allow an attacker to harvest user log-ins and passwords for sites visited on a handset.

The vulnerability has been fixed in Android 2.2, a Google spokesman told V3.co.uk.

"This is a bug which is not exclusive to Android and that can only be triggered if users visit a malicious web site or access a malicious Wi-Fi network via their mobile phone," he said.

"We are not aware of any users having been affected by this bug to-date, and it has been fixed in the latest version of Android. As always, mobile phone users can protect themselves by only visiting web sites and using Wi-Fi networks they trust."

Do you agree?

Add your comment
 

Add your comment

We won't publish your address
By submitting a comment you agree to abide by our Terms & Conditions. Your comment will be moderated before publication.
Submit your comment

Latest stories from Communications

Skype for Windows screen shot

Skype for Mac 5.5.0.2340

Related white papers

Related articles

Related jobs

Today's top stories

Google logo

Google’s Motorola acquisition cleared by European and US competition authorities

Asus Transformer Prime vs Apple iPad 2

Apple iPad 2 vs Asus Transformer Prime head-to-head review

Apple logo

Apple commissions independent inspection of Foxconn iPhone and iPad factories

Poll

IT priorities for 2012

What is the most important IT priority for your company this year?

99%

0%

1%

0%

0%

Features

V3 and The INQUIRER editor Madeline Bennett

BBC and Sky News show tough love with Twitter policies

V3's Rosalie Marshall

World indulges in a Facebook facts fest as firm prepares to float

facebook-new

Top five most interesting figures from Facebook’s IPO

Khidr headshot

Intel will prove Steve Jobs wrong in the mobile market

More features

Connect with V3.co.uk

Sign up to our daily or weekly newsletters

Case studies and reports

Accurev

Top 5 software development challenges

This paper focuses on a series of best practices and techniques for development teams looking to improve their software development processes

Talend

Rubbish in, rubbish enterprise

Why good data management at all levels is essential in the modern business (video, 6mins)

Technology jobs

PHP Developer - PHP 5, HTML, CSS, MVC

PHP Developers - Fixed Term Contracts (initially 6 months...

Junior Ruby on Rails Developer - London - Permanent

Junior Ruby on Rails Developer - London - Permanent...

Project Manager

A Project Manager is required to join a leading Insurance...

CCIE Network Engineer

CCIE Network Engineer required with fluent Hungarian...

To send to more than one email address, simply separate each address with a comma.