Palm WebOS Security

EDIT: Put in Videos and link to original article

As you may well know Verizon is hosting the new PALM devices: the Pre Plus and the Pixi Plus. For the most part the update was to be considered a substantial one. At first glance the device is pristine and slick. The new webOS operation system that was put on these devices was supposed to be fast and great way for developers to make apps. Unfortunately there are some major issues.

Besides just the usual bugs and issues there has just been released an update on the vulnerabilities of the operating system. The webOS is a web browser essentially. All applications are simple web apps and are written in HTML and JavaScript. This of course represents some obvious issues. The security team that hacked the Palm device did so with simple SMS. They would simply send a txt message with HTML scripting injection instructions. So the user would receive a text. They open the text which appears to be blank, but actually contains a simple HTML injection packet. The injection packet can easily access any feature on the phone because of the simple web application programming it uses.

The hacker for instance could send a certificate to the phone allowing a site to have complete access to the cookies and data history from the phone. Seeming as how a lot of people do online banking and other confidential things on their smart phones now they would have complete access to a lot of personal information. The list of things to do is endless! They could have a video auto stream, open up a malicious webpage, even download an app that hacks the phone. My favorite though is to dial a special number which turns off the radio (no cell service after that) and it doesn’t show what it dialed so the person couldn’t redial it and they can’t receive or dial out either.

This also makes the network that the phone is on vulnerable to attacks. Apps are also vulnerable to attacks which can initially harm the company. People are now bashing on Palm for their lack of security and to that Palm responds with “we care about security” in a CNBC story covering the problems. The Group has also put up their article on it and made a video:

Original Article

Thanks for reading. Signing out with my newest Wad of Trash added to the Trash Can.


Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s