Results 1 to 12 of 12
Like Tree5Likes
  • 1 Post By Preemptive
  • 1 Post By Fred Zyphal
  • 1 Post By NuclearKev
  • 1 Post By Nimroth999
  • 1 Post By Kai00
  1.    #1  
    I'm starting a thread for vulnerabilities and any fixes for legacy webOS. This is not for general bugs, but for vulnerabilities that could allow system access or expose private data to a remote connection.

    If you know of any vulnerabilities that will allow a malicious hack, post them here (ideally with a link to the forum thread or any supporting information).

    We will hopefully then have a list of problems, suggested remedies and actual fixes.

    Off the top of my head: We had Heartbleed, which I think was fixed by the OSSL update..? Or maybe the original version was unaffected..? (0.98k)

    Krack Hack can be fixed if anyone wants to...

    Meltdown and Spectre... I thought these weren't a problem as the chips are mostly ARM 7, but apparently they are Cortex8 (not really sure what that is) and ARE vulnerable.

    I've also seen a mention of 'Dirty Cow'. I think this may have been used to gain root on webOS TVs, but legacy is likely vulnerable.

    I'll look into these things and update, but obviously, post below if you know about this stuff.

    I think a general warning is that any device can likely be compromised if someone can get their hands on it and I think this has been proven in the case of webOS. I don't think we need to bother with exploits that require physical access.
    Last edited by Preemptive; 01/27/2018 at 04:04 AM.
    anon(8063781) likes this.
  2. #2  
    I would not worry at all about Meltdown and Spectre.

    Those 2 are more of a cry wolf (so that some people profit from it) than a danger. There are no exploits meanwhile the "patches" are creating havoc on various levels.. avoid installing any updated bios or this month windows updates , if you have not yet done either of those. Moreover who in his sane mind would create native code to inject on a platform with our numbers ?
  3.    #3  
    Quote Originally Posted by mazzinia View Post
    I would not worry at all about Meltdown and Spectre.

    Those 2 are more of a cry wolf (so that some people profit from it) than a danger. There are no exploits meanwhile the "patches" are creating havoc on various levels.. avoid installing any updated bios or this month windows updates , if you have not yet done either of those. Moreover who in his sane mind would create native code to inject on a platform with our numbers ?
    I don't disagree & I'm aware that apparently Meltdown & Spectre attacks have to be quite carefully constructed to work. I have no idea whether the age of the javascript engine would actually prevent code execution of these attacks.

    It has been pointed out to me that 7 years of no official updates means that legacy webOS is technically very insecure & my response was, "security through obscurity". A weak response, but as you remark about user numbers, there's very little profit to be had from targeting us. That said, webOS is Linux-based & shares many common components with other distros, so the danger of indiscriminate, 'drive-by' attacks remains (e.g. Krack Hack). On the other hand, this commonality can enable community members with the skills to apply existing fixes to webOS.

    This is just a list to track all the various issues (and fixes where they exist). If service pack meta-doctors ever come to pass, fixes can be included. The relative dangers of each vulnerability can be discussed here or on the specific threads.
  4. #4  
    Yep, agreed.
    By the way, security through obscurity is by no way a weak response. That's ibm motto ( old os/400 ) and hp ( nonstop servers )
  5.    #5  
    Here's another possible flaw: Decade-old Bluetooth flaw lets hackers steal data passing between devices.

    I'm not clear if it's H/W specific, though it's a software fix - possibly dependent on the chipset or driver?

    I always wondered how they got phones to "force pair" in Person of Interest. Now I know.
    Last edited by Preemptive; 07/25/2018 at 09:12 PM.
  6. #6  
    Well, anyway bt is sort of limited to headphones in our case
  7.    #7  
    Uh Oh!
    Fun fact: GPS uses 10 bits to store the week. That means it runs out... oh heck – April 6, 2019

    Any comments on whether this will affect us? I'm betting it will...

    Not a security risk, but GPS is part of the whole system. If webOS is affected, a firmware update will be needed to keep it working.
  8. #8  
    This basically means newer receivers built after, say, 2010 should be fine, provided they follow the specs and notice the rollover.
    We might be ok.
    Did you know:

    webOS ran on a Treo 800 during initial development.
  9. #9  
    Quote Originally Posted by dkirker View Post
    We might be ok.
    Well, today is the day ... My Pre 3 running 2.2.4 is still working fine, didn't explode or anything, and all location based apps still work, except Google maps of course.

    Anybody else?

    Just a quick addendum, I own a Garmin Quest, it's ancient, made back in early 2004. I still own it because my Harley has a mount for it built in to the handle bars, and I can keep it working and updated with the help of a Garmin hacking website I know of. Anyway, long story short, it's still working fine as well.
    Last edited by Fred Zyphal; 04/08/2019 at 04:19 PM.
    Preemptive likes this.
  10. #10  
    Mine is fine too

    -- Sent from my Palm Pre3 using Forums
    Preemptive likes this.
  11. #11  
    Everything works fine - veer on 2.2.4

    -- Sent from my Palm Veer using Forums
    Preemptive likes this.
  12. #12  
    It happened at 23:59:42 UTC on April 6: https://www.abc.net.au/news/science/...lites/10966218
    But yes, like Nimroth999, GPS still works on my Veer (2.2.4 also).
    Preemptive likes this.

Similar Threads

  1. LG just upgraded WebOS from 4.0 to 5.30.01 ?
    By akitayo in forum LG webOS TV
    Replies: 6
    Last Post: 04/07/2019, 02:10 AM
  2. Palm/WebOs collection for sale.
    By siobhanellis in forum Marketplace
    Replies: 19
    Last Post: 09/04/2018, 12:08 PM
  3. Webview, local files, and cookies
    By Shuswap in forum webOS Development
    Replies: 10
    Last Post: 05/16/2018, 02:40 PM
  4. Fixing optware-bootstrap
    By Novaldex in forum HP Pre 3
    Replies: 3
    Last Post: 01/24/2018, 09:41 AM
  5. How to fix these problems?
    By Salil in forum LG webOS TV
    Replies: 0
    Last Post: 01/15/2018, 11:21 PM

Posting Permissions