A British internet security company has demonstrated how to turn the Palm Pre into a secret bugging device, ideal for corporate espionage, and issued a warning that many other popular smartphones are also vulnerable to hackers. Hewlett-Packard acquired Palm two months ago, in part so it could use the Pre operating system on future smartphones.
MWR InfoSecurity have created a bug hidden in an electronic business card, (vcard), which enabled them to use the Palm Pre to record conversations and send the audio files back to them whenever the device connects to a WiFi or 3G network – all without the user being aware anything is happening. The company’s principal security researcher known only as Nils, hired by MWR last year having been a freelance “hacker” in his teen years – demonstrated the security flaw to journalists and IT specialists, saying the phone was “easy” to break into.
Nils also revealed that MWR found a serious security flaw in Google’s Android software, used as the operating system for a growing number of popular smartphones. The flaw allows a hacker to harvest all the usernames, passwords and browser history saved in an Android phone’s web browser. “The Android phone does have some security built in, but the Palm system seems unprotected and extremely vulnerable,” he said.