Andre Yoskowitz
20 Apr 2010 15:28
Intrepidus Group, a firm specializing in security and risk, has found an exploit for Palm WebOS firmware version 1.3.5, with the researchers sending a specially formatted SMS message that contains malicious HTML used to execute commands.
Says the group: "The security team was able to send SMS messages that would automatically open webpages and dial numbers to shut off the handsets radio . They say the reason the attacks are possible is because the OS is essentially a web browser written in javascript and HTML."
It is important to note that the exploit is for 1.3.5, and the newly released 1.4 fixes the vulnerabilities, although not all carriers have offered the new firmware OTA.
Palm has been struggling, with the company putting itself up for sale, with the company's software chief leaving, and retailers slashing prices just to get the phones off the shelves.