Android and Palm phones riddled with security holes, researchers warn

Smart phone security is back in the spotlight, with both the Android and Palm WebOS mobile operating systems reported to be vulnerable to attack.

Security professional Thomas Cannon revealed details of a problem in Android, which allows naughty people to steal data from your SD card if you visit a website they've booby-trapped. He said it was a simple exploit involving JavaScript, and could work on different handsets and multiple versions of Android.

Here's a video of the exploit, using an Android emulator with Android 2.2, successfully tested on the HTC Desire.

Cannon informed Google, which investigated the problem immediately. It aims to stick something into an Android 2.3 Gingerbread bug fix after the forthcoming update is made available. An initial patch was also being looked at.

Android isn't the only smart-phone platform suffering problems. There are multiple vulnerabilities in Palm's WebOS which could let a hacker create a mobile botnet, or attack in other ways, Dark Reading reports. Some have been fixed with the WebOS 2.0 beta, but issues with this update have emerged too.

WebOS is less secure than other smart phones, US researchers claim, due to features of the environment that make it simple to build apps. The attacks aren't serious at this stage, but researchers warn they could worsen if WebOS devices become more popular for business.

While Palm devices aren't numerous enough to make attacks profitable, the Android platform is another matter, due to its market share increasing remarkably in the last year. If this trend towards ubiquity increases, and it looks likely to, Google will face similar problems to those Microsoft has had with Windows for years.

This is a boon for security firms, but not so good for Android owners. Few people think about the data they carry on their phones, but increasingly we'll have to be as careful with our mobile habits as with our desktop browsing.