Palm WebOS Hacked Via SMS Messages
gondaba writes "Security researchers at the Intrepidus Group have hacked into Palm's new WebOS platform, using nothing more than text messages to exploit a slew of dangerous web app vulnerabilities. The white hat hackers found that the WebOS SMS client did not properly perform input/output validation on any SMS messages sent to the handset, leading to a rudimentary HTML injection bug. Coupled with the fact that HTML injection leads directly to injecting code into a WebOS application, the attacks made possible were quite dangerous (especially considering they could all be delivered over an SMS message)."
WebOS 1.4 (Score:5, Interesting)
Re:Wow (Score:4, Interesting)
WebOS does display sanitization by default (Score:5, Interesting)
You have to explicitly enable the "I know what I'm doing, stop protecting me" flag in your app to allow these types of exploits.
http://developer.palm.com/index.php?option=com_content&view=article&id=1756
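The output-encoding failure from the summary and the default-on escaping with an explicit opt-out from the last comment, sketched as an added example (not code from Palm, Intrepidus Group or any commenter). `escapeHtml`, `renderMessage` and the `allowRawHtml` option are hypothetical names, not webOS APIs, and the message is constructed.

```javascript
// Added illustration; every name here is hypothetical, not a Palm/webOS API.
const HTML_ESCAPES = {
  "&": "&amp;",
  "<": "&lt;",
  ">": "&gt;",
  '"': "&quot;",
  "'": "&#39;",
};

// Encode the five characters that can change the HTML parsing context.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Build the markup for one message row in an SMS view written with web
// technologies. Both fields are untrusted: anyone can text the handset.
// allowRawHtml stands in for an explicit "stop protecting me" opt-out;
// escaping is applied unless the caller sets it to true.
function renderMessage(msg, options = {}) {
  const encode = options.allowRawHtml === true ? String : escapeHtml;
  return (
    '<div class="sms">' +
    '<span class="from">' + encode(msg.from) + "</span>" +
    '<p class="body">' + encode(msg.body) + "</p>" +
    "</div>"
  );
}

// Constructed sample: the body carries markup instead of plain text.
const sample = {
  from: "+15550100",
  body: 'hi <a href="http://example.invalid/">tap here</a> & bye',
};

// Default path: the markup arrives as inert, visible text.
const safe = renderMessage(sample);
// Opt-out path: the sender's markup becomes part of the application's page.
const unsafe = renderMessage(sample, { allowRawHtml: true });

console.log(safe);
console.log(unsafe);
```
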