Nov 27, 2010 11:12 GMT

webOS, the mobile operating system Palm officially announced at the beginning of last year, comes with a series of critical security issues, experts confirmed. Among these flaws is a cross-site scripting issue, which could allow hackers to gain remote control of devices. Orlando Barrera and Daniel Herrera of SecTheory say that there are three unique flaws in the OS that are tagged as critical: a floating-point overflow issue, a denial-of-service bug and the cross-site scripting vulnerability.

According to Barrera, these vulnerabilities could threaten the security of devices in various ways.

“For example, utilizing the cross-site scripting issue we are able to conduct the following attacks: remote command and control. By using JavaScript to dynamically modify the user experience, an attacker is able to control aspects of the device over time,” he said, according to a recent article on eWeek.

“This in essence is the foundation of a botnet, [and] with time and effort I believe it is feasible for an attacker to complete a functional command and control program for this device.”

The researchers discovered the issues in webOS version 1.4.x, and said that they worked with the webOS 2.0 beta platform as well.

According to them, Palm fixed the cross-site scripting injection flaw with the release of the webOS 2.0 beta version of the mobile operating system.

However, webOS 2.0, the latest version of the operating system, might still have the floating-point overflow and denial-of-service issues, Barrera said.

Of course, these are not the first security holes that webOS was said to come to market with, nor will they be the last ones, that's for sure. But we should note that this is not the only mobile OS plagued by such issues.

The platform is based on web technologies, which means that, potentially, one could use techniques similar to those used for hacking websites to exploit various security holes webOS might have.

All in all, things might indeed seem worrying, especially since mobile phones are involved, as they hold a wide range of personal info.