14 DAY TRIAL // Palm's webOS platform seems to include a series of quite “shocking” vulnerabilities, mobile security consultancy Intrepidus unveils. According to the firm, the mobile operating system was delivered to the market with fundamental security issues and, even if Palm addressed and resolved a series of problems in this area, there still are a lot of other vulnerabilities that need be taken care of. All of these will be disclosed during this week, as Intrepidus is set to publish the results of a year-long investigation on the matter.
According to a recent article on CNBC, Chief Technology Officer Aaron Higbee, Intrepidus co-founder, said that he was shocked to discover some of the security breaches webOS came to the market with. This is not the best moment for Palm to learn that its mobile operating system has such major issues, that's for sure, since last week the company was rumored to be seeking for a buyer.
The vulnerabilities discovered in the webOS can lead to one taking full control of a device running under the platform through the sending of a simple text message. Aaron Higbee states that these issues enabled him remotely dial 911 from a handset as well as to get contact lists. The webOS platform is built as a mobile browser, and all weaknesses conventional browsers ever included might emerge in Palm's operating system too.
According to Intrepidus, the most surprising discovery was that Palm hadn't focused on ensuring the handsets are protected against a series of issues previously known to exist. “Palm released this WebOS with prior knowledge that these web app vulnerabilities existed. They rushed it to market,” Higbee commented.
"Security is very important to Palm. And we have a track record of quickly responding to reports of suspected vulnerabilities through our established reporting process. Our over-the-air updates allow us to seamlessly correct any vulnerabilities that Palm or the community identifies. We are unable to address vulnerabilities that are not responsibly reported to us, but are committed to working with any third parties who contact us,” Palm spokesperson Lynn Fox told CNBC.