British insecurity experts MWR InfoSecurity has uncovered a flaw in the Palm Pre which allows for the bugging of conversations “anywhere in the world” while a general flaw in Android allows for the nicking of user passwords through the internet connection.
The Palm Pre bug comes after the receipt of a maliciously built message which can then open a backdoor in the voice. Afterwards it can force the phone to record audio or send over stored data. Apparently it can be accessed remotely from whoever’s on the other end of the trojan and stolen data can be sent around through the normal carrier networks, turning the phone into a bugging device – taking notice, News of the World?
The second bug, the general Android flaw is found in the OS’ default phone browser, which can potentially allow for passwords to be harvested along with other sensitive information – including the standard targets like financial details and email.
MWR Labs says that the main concern is the increasing link of business to the mobile platform, so traditional models are “becoming blurred”.
Meanwhile Kaspersky has discovered some malicious software targeted at the Android platform. The software poses as a media player while secretly sending on text messages to premium rate numbers, costing a couple of dollars each. However, so far, the malware has only affected Russian Android users. The app is called “Movie Player” – something, hiding the Trojan-SMS.AndroidOS.FakePlayer.a as Kaspersky calls it, that would be best avoided.