The Palm Pre OS can bug you

BUG YOUR FRIENDS if they have a Palm Pre because its OS can be manipulated thanks to a zero day flaw that can be exploited with the help of an SMS text message.

A security team at Basingstoke based MWR Labs has found that an SMS can be used to subvert the OS completely. The flaw would allow the phone to be used as a recorder and transmitter for anything in its microphone's range.

"You receive a specially crafted business [SMS] card and once you open it, game over," Alex Fidgen, director of MWR Infosecurity said. "We were surprised to find the lack of security architecture we needed to exploit in the way that we did."

He explained that Palm's security systems didn't use sandboxing in this case, whereas such security precautions had been seen in Google's code.

The second Google related flaw the company disclosed was in older versions of the cross-platform Webkit layout tool. It would allow an attacker to harvest user logins and password details for sites visited on a handset but the flaw has been fixed in Android 2.2, according to Google.

"This is a bug which is not exclusive to Android and that can only be triggered if users visit a malicious website or access a malicious WiFi network via their mobile phone," Fidgen said.

"We are not aware of any users having been affected by this bug to date, and it has been fixed in the latest version of our Android software. As always, mobile phone users can protect themselves by only visiting websites and using WiFi networks they trust." µ