Major vulnerabilities in the Palm Pre and Android smartphones have been detected that could allow data to be stolen.
Research by MWR Labs has revealed a major flaw in the Palm Pre that would allow conversations to be intercepted, while a flaw in the Android operating system from 2.0 onwards exists in the browser and allows login credentials and cookies to be harvested.
A spokesperson demonstrated that sending a Vcard to the Palm Pre allows an attacker to compromise the phone and intercept all audio close to the phone. They said that this is a completely focussed attack that targets a specific user. Alex Fidgen, director at MWR Labs told SC Magazine that this represents industrial espionage and if this was done over a carrier network it would be breaking the law. (more)
