“It’s the last thing Palm needed to hear: The crown jewel in its family of assets, its WebOS operating system, is fraught with security vulnerabilities, according to mobile security consultancy Intrepidus which will release details of a year-long investigation early next week,” Jim Goldman reports for CNBC.
“The firm’s co-founder and Chief Technology Officer Aaron Higbee tells me he was ‘shocked’ when he discovered how easily it was to hack Palm’s WebOS, believing the company rushed its operating system to market at the expense of addressing fundamental security issues,'” Goldman reports. “‘There is a problem with the architecture,’ says Higbee, who says the original security issues discovered have been addressed and resolved by Palm, but that once his firm’s methodology is published, ‘researchers will re-apply our methods. Palm and WebOS vendors are gonna have a slew of problems disclosed to them.'”
“‘I was shocked,’ says Rajendra Umadas, an Intrepidus consultant who made the initial discovery. ‘When I first stumbled upon it, I stood back from the computer and thought to myself, ‘I didn’t just do that, did I?’ So, I went out for some coffee, came back, I saw what I did and I was pretty shocked. It was too easy. It was definitely very shocking.’ What he had discovered was that merely by sending a single, SMS text to a WebOS handset, he could essentially take over the entire device. The vulnerabilities allowed him to remotely dial 911 from a handset and lift contact lists,” Goldman reports.
Full article here.
MacDailyNews Take: Wait, we lost count, was that cut number 999 or did we just hit a thousand?