I still need the reassurance of a familiar brand before it's a real story - Tony Maddox, CNN senior VP
SPIES CAN FEEL FREE to send malware laden business card texts to Palm's Pre smartphones because a patch to fix the flaw that allows such messages to turn the handsets into bugging devices won't be available until Autumn.
Basingstoke based MWR Infosecurity announced last week that the Palm Pre WebOS has a zero day flaw that allows the phone to be used as a recorder and transmitter for anything within range of its microphone. It seems that Palm's security systems don't use sandboxing that MWR Labs thinks could have stopped the malign SMS.
The INQUIRER learned of the lack of any patch for the problem until Autumn in an exclusive interview with MWR Infosecurity's Labs research division head of research Nils. He declined to disclose his family name, adding to the mystery.
Palm was not available for comment but in an earlier email sent to The INQUIRER it denied that the problem exists, saying, "The current version of webOS fixes the security vulnerability reported to Palm."
Go here to read about the Palm Pre's insecurities with the latest "notification" from MWR Labs. µ
Sign up for INQbot – a weekly roundup of the best from the INQ