back to article Security flaw creates Android, Palm Pre snoop risk

Security researchers have uncovered a flaw that creates a means to plant bugging software on Palm Pre devices. The vulnerability means that the Palm Pre phone might be compromised through the receipt of a maliciously constructed vCard. A doctored electronic business card sent by SMS or exchanged could be used to place a …

COMMENTS

This topic is closed for new posts.
  1. Rich 30
    Joke

    ha..

    We're all childish to laugh at this again, right?

    "specialises in penetration"

  2. Version 1.0 Silver badge
    Coat

    prophylactics for phones

    "As always, mobile phone users can protect themselves by only visiting websites and using wifi networks they trust." - now doesn't that just take all the fun out of it?

  3. Doug Glass
    Go

    Yeah Right!

    Re: "As always, mobile phone users can protect themselves by only visiting websites and using wifi networks they trust."

    How the hell do you determine if you should trust a given wifi network? Kind of like how you learn about hot water. Until you actually get burned the first time you're totally ignorant, but once you do get burned you connect the steam and heat radiated with pain.

    If you're going to make comments like this moron did you at least need to recommend how to do what you say should do. Otherwise you're just one more web junkie passing out worthless advice while having the feel of an educated idiot who needs and craves self aggrandizement.

    1. Guido Esperanto
      FAIL

      my thoughts exactly

      additionally, what assurances do you have that "trusted sites" are always safe? Or are there no website attacks anymore?

    2. Volker Hett
      Black Helicopters

      Trust nobody :)

      Any unknown WiFi network can't be trusted, those are the best places to start a man-in-the-middle attack on you.

      I use a VPN over every WiFi Network which is not mine, i.E. all but one.

      Black Helicopters, just because I'm paranoid does not mean they are not after me!

  4. Volker Hett
    Coat

    It has been fixed and acknowledged

    for quite some time now.

    http://kb.palm.com/wps/portal/kb/na/pre/p100eww/sprint/solutions/article/50607_en.html#145

    Mine's the one with the press pass in the pocket.

  5. D@v3
    FAIL

    hacking via SMS

    I've always been a bit surprised that this is possible, in as much as why does the message function need to have access to the parts of the device, that would make this possible.

    I seem to remember (some time ago) that there was a bug in some of the old Nokia handsets (5110 and others around that time) where if they received an SMS comprised of entirely ........ it would lock up the handset.

  6. vegister

    latest android software?

    "and it has been fixed in the latest version of our Android software."

    are they referring to 2.2? half of the android phone owners today will probably never get to run 2.2

  7. Anonymous Coward
    Anonymous Coward

    Er...

    Quote from the article: ", and it has been fixed in the latest version of our Android software."

    ... which the vast majority of Android users can't download and install. Brilliant.

    1. Anonymous Coward
      Anonymous Coward

      Just ....

      I thought this was supposed to be the benefit of an open platform? People get things fixed quicker than the big corps?

      Or you could go root and download the latest version? Not a techie? Just go get a new froyo handset. Your handset maker and operator will be happy. Google won't car either way.

  8. TeeCee Gold badge
    WTF?

    Palm Pre?

    Someone's gone to the trouble of finding a vuln on the Palm Pre?

    Oh well I guess that's the last nail in the coffin of "security through obscurity" then....

  9. Paul 172
    Thumb Up

    Congrats MWR

    Good work, more like this from British researchers please - IOActive and other American firms seem to have stolen the lead lately in vulnerability research...

  10. Anonymous Coward
    Anonymous Coward

    Trust?

    Only visit websites you trust... but the sites I visit show ads and those are served by sites I would never trust (only a fool would trust an advertiser)

  11. Michael C

    Wow

    Surprised all the apple Fanbolis are not in here getting their retaliation for the a$$ kicking you all gave them over the PDF exploit on iOS, which is even harder to pull off than this....

  12. kain preacher

    @vegister

    I thought I was going to be in that half as I have a first generation android . woke up this morning and had a system update. I'm now on 2.2. I wounder was it google or my carrier that did the update .

This topic is closed for new posts.

Other stories you might like