We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
78,797 News Articles

Palm Pre flaw means handset can be used as bugging device

MR labs says bug is exploited via a specially-crafted SMS

A flaw in the Palm Pre, which allows the handset to be used as a bugging device, has been discovered by MWR Labs.

According to the security firm, if the users receives a 'specially-crafted' text message, hackers can then use the handset as a recorder and transmitter, which picks up audio within range of the device's microphone.

"You receive a specially crafted business card and once you open it, game over," Alex Fidgen, director MWR Infosecurity, told V3.co.uk.

"We were surprised to find the lack of security architecture we needed to exploit in the way that we did."

The security firm also revealed mobile phones running older versions of the Google Android operating system were vulnerable to a flaw that gives hackers access to login and passwords for sites visited using the phone's web browser.

Fidgens told IT Pro: "There is just too much evidence that security isn't being incorporated by the mobile phone companies into their software."

"We don't think mobile phone companies are really ready to deal with security issues."

The security firm alerted both Google and Palm, which has recently been acquired by HP, about the flaws.

Google said the flaw has been fixed in 'Froyo' - version 2.2 of the OS - although the bug isn't exclusive to Android handsets.

"This is a bug which is not exclusive to Android and that can only be triggered if users visit a malicious website or access a malicious Wi-Fi network via their mobile phone," he said.

"We are not aware of any users having been affected by this bug to date, and it has been fixed in the latest version of our Android software. As always, mobile phone users can protect themselves by only visiting websites and using Wi-Fi networks they trust."

Palm, which said the current version of webOS fixes the security vulnerability, told IT Pro it takes security very seriously.

"While we do not comment on specific security enquiries, we do thoroughly investigate any potential security risks brought to our attention," the company said.

"We have procedures in place for security researchers to responsibly report risks and we partner with them to make sure any vulnerabilities are addressed and pushed to webOS users via our over the air update system,"

Fidgen said the firm had discovered flaws in other mobile devices and will disclose more details in the coming months.

See also: HP seeks PalmPad trademark


IDG UK Sites

Android One vs Android Silver vs Google Nexus: What is the difference?

IDG UK Sites

Apple updates MacBook Pro line-up: Price cuts & spec boosts for 6 MacBook Pro models

IDG UK Sites

Long live the internet fridge: the Internet of Things is coming

IDG UK Sites

How Prometheus' colourist Juan Ignacio Cabrera gave a tense, edgy feel to Chosen