Researchers have managed to crack Palm's webOS with a simple text message. The team at Intrepidus Group worked on a Palm Pre running the 1.3.5. version of the webOS operating system, and found it open to many common vulnerabilities due to its inherent design.
"As we started to pry a little it became quite apparent that Palm's new WebOS platform was riddled with some pretty dangerous bugs," said the team in a blog post.
"This also means that webOS applications are subject to the numerous web applications vulnerabilities that any seasoned penetration tester would be all too familiar with."
The researchers loved the operating system as a concept, but were scathing about the security of the handset, saying that Palm must have put "almost no thought into security".
They found common web application flaws built into applications that Palm had written itself.
The team said that the SMS system did not perform input/output validation. This allows an HTML injection attack by inserting an iFrame into the message, which is automatically activated. The team then demonstrated this in a video.
UPDATE: Intrepidus Group has updated its post to point out that its findings affect an older version of the Palm OS.
"Palm has since released WebOS 1.4, which fixes these vulnerabilities, though not all handsets or carriers are running this version. Due to contractual agreements, the public disclosure of this information was delayed," the firm noted.
Equinox's Dave Millett explores how phone, mobile and broadband could be affected by a no-deal Brexit
Dust storm on Titan only the third Solar System body where such storms have been observed
New technique could enable quantum computers to scale-up to millions of qubits
Systrom and Krieger taking time off "to explore our curiosity and creativity"