Palm WebOS Hacked Via SMS Messages 99
gondaba writes "Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message)."
Anonymous Coward (Score:2, Informative)
This has been fixed with the 1.4 update, not sure why it's news.
Re:WebOS 1.4 (Score:5, Informative)
1.4 explicitly fixed these issues.
Re:Intrepidus are straight up losers. (Score:3, Informative)
Nohing to see here, please move along (Score:3, Informative)
From the source release:
(Note: the findings herein affect WebOS 1.3.5. Palm has since released WebOS 1.4, which fixes these vulnerabilities, though not all handsets or carriers are running this version. Due to contractual agreements, the public disclosure of this information was delayed.)