webOS prone to security attacks

Security researchers have revealed several critical flaws in webOS that allow malicious code to access system functions. Cross-site scripting vulnerabilities could be used to gain remote access to the device and even build a botnet.

Researchers Orlando Barrera and Daniel Herrera of security firm SecTheory discovered three major holes: a floating-point overflow issue, a denial of service bug and the cross-site scripting flaw. HP has worked on at least one of the holes, in the “Contacts” app, and will reportedly have it fixed as of webOS 2.0 beta. However, it seems that the others will remain unaddressed.

Barrera illustrated the findings and explained how XML HTTP Requests, a possible web communication channel, could be used to access the local file system. This means that user data could be extracted from the local database, which could include anything from contact information to passwords and unencrypted messages such as emails and SMS. There have been previous concerns about webOS's security, as the SMS client was found to be vulnerable to attacks as well.

The OS makes extensive use of JavaScript to run core functionality dynamically, while system commands are passed via HTTP locally. This leaves unprotected user-generated content susceptible to attacks. Just how much we should care about this depends only on what we store on our phones. But smartphones are getting closer to being in everyone's pocket and are becoming a vital part of our personal lives. And this could mean putting security first.

source: eWeek via Engadget
