Beleaguered Palm’s WebOS taken over by single SMS text message

“It’s the last thing Palm needed to hear: The crown jewel in its family of assets, its WebOS operating system, is fraught with security vulnerabilities, according to mobile security consultancy Intrepidus which will release details of a year-long investigation early next week,” Jim Goldman reports for CNBC.

“The firm’s co-founder and Chief Technology Officer Aaron Higbee tells me he was ‘shocked’ when he discovered how easy it was to hack Palm’s WebOS, believing the company rushed its operating system to market at the expense of addressing fundamental security issues,” Goldman reports. “‘There is a problem with the architecture,’ says Higbee, who says the original security issues discovered have been addressed and resolved by Palm, but that once his firm’s methodology is published, ‘researchers will re-apply our methods. Palm and WebOS vendors are gonna have a slew of problems disclosed to them.’”

“‘I was shocked,’ says Rajendra Umadas, an Intrepidus consultant who made the initial discovery. ‘When I first stumbled upon it, I stood back from the computer and thought to myself, ‘I didn’t just do that, did I?’ So, I went out for some coffee, came back, I saw what I did and I was pretty shocked. It was too easy. It was definitely very shocking.’ What he had discovered was that merely by sending a single, SMS text to a WebOS handset, he could essentially take over the entire device. The vulnerabilities allowed him to remotely dial 911 from a handset and lift contact lists,” Goldman reports.

Full article here.

MacDailyNews Take: Wait, we lost count, was that cut number 999 or did we just hit a thousand?

12 Comments

  1. Wasn’t the same type of exploit supposed to work on the iPhone? Or was that only from a series of perfectly timed messages? My brain’s not functioning on Monday…

  2. /*
    Our over-the-air updates allow us to seamlessly correct any vulnerabilities that Palm or the community identifies. We are unable to address vulnerabilities that are not responsibly reported to us, but are committed to working with any third parties who contact us.”
    */

    NO – NOT if there is a problem with the underlying architecture.

    It would be like saying- “we can fix the sinking Titanic by adding more life rafts.”

    Also- Palm’s statement about reporting vulnerabilities is passive- they are actually blaming the “irresponsible” parties for not reporting the holes. Again- this is yet another reason why a once decent company went downhill.

  3. Even if they do get fixed Palm is bleeding money they need to use for sales. “The company’s library of 400 patents and its WebOS operating system as crown jewels — the key to Palm’s true value — for any potential suitor.” I would think for most companies it would be better to let the patents and OS become public domain than save Palm from bankruptcy.

  4. “But just about every expert following this drama has pointed to the company’s library of 400 patents and its WebOS operating system as crown jewels — the key to Palm’s true value — for any potential suitor.”

    I keep hearing this. And every time I wonder: If the company’s patents are so valuable, why no suitor yet?

    I honestly can’t identify a single piece of Palm technology that would be valuable to any given “suitor” other than a suitor that was hopelessly behind the eight-ball in mobile and wanted to get back in the mix (i.e. Nokia and/or Microsoft). And only then they’d be getting patents that, when applied by the author, failed in the marketplace.

    IMHO the evidence is mounting that Palm’s patents are not as valuable as they have been reported.

  5. @WetFX –

    Patents don’t go into the public domain when a company declares bankruptcy. They’re sold, along with all the company’s other assets. WebOS might be valuable to a company with deeper pockets than Palm, who’s willing to fight for the leftovers of the smartphone market.

    Even five or 10 percent of a huge market is worth going after. Just ask Apple.

  6. Does anyone besides me find it hilariously ironic that Palm had become the Microsoft of mobile phones even though Microsoft has its own mobile phone software?

    Like, beleaguered Palm out-sucked Microsoft :O

    they should get a corporate Darwin award…

  7. I was “shocked” when I read this article, which was “shocking.” Wait, I need to say “shocked” again. Oh, good. (Couldn’t they have thought of a new word, instead of repeating themselves?)

    Now, I’m all for the Palm smackdown by the iPhone. However, didn’t the iPhone have a similar security problem a couple years ago?

    Final comment: why is anybody bothering to research WebOS vulnerabilities? First, are there really that many at risk? Second, is there a market for security products? I mean, what’s the point? It’s like kicking someone who’s already down.

    MDN Magic Word: “police” as in, someone call them! There’s someone getting mugged!