The Inquirer-Home

There will be no fix for a Palm Pre WebOS zero day flaw until 'Autumn'

Exclusive Don't accept those business cards
Tue Aug 17 2010, 05:04

SPIES CAN FEEL FREE to send malware laden business card texts to Palm's Pre smartphones because a patch to fix the flaw that allows such messages to turn the handsets into bugging devices won't be available until Autumn.

Basingstoke based MWR Infosecurity announced last week that the Palm Pre WebOS has a zero day flaw that allows the phone to be used as a recorder and transmitter for anything within range of its microphone. It seems that Palm's security systems don't use sandboxing that MWR Labs thinks could have stopped the malign SMS.

The INQUIRER learned of the lack of any patch for the problem until Autumn in an exclusive interview with MWR Infosecurity's Labs research division head of research Nils. He declined to disclose his family name, adding to the mystery.

Palm was not available for comment but in an earlier email sent to The INQUIRER it denied that the problem exists, saying, "The current version of webOS fixes the security vulnerability reported to Palm."

Go here to read about the Palm Pre's insecurities with the latest "notification" from MWR Labs. µ

 

Share this:

blog comments powered by Disqus
Advertisement
Subscribe to INQ newsletters

Sign up for INQbot – a weekly roundup of the best from the INQ

Advertisement
INQ Poll

Heartbleed bug discovered in OpenSSL

Have you reacted to Heartbleed?