  1.    #1  
    I'm starting a thread for vulnerabilities and any fixes for legacy webOS. This is not for general bugs, but for vulnerabilities that could allow system access or expose private data to a remote connection.

    If you know of any vulnerabilities that will allow a malicious hack, post them here (ideally with a link to the forum thread or any supporting information).

    We will hopefully then have a list of problems, suggested remedies and actual fixes.

    Off the top of my head: We had Heartbleed, which I think was fixed by the OSSL update..? Or maybe the original version was unaffected..? (0.98k)

    Krack Hack can be fixed if anyone wants to...

    Meltdown and Spectre... I thought these weren't a problem as the chips are mostly ARM 7, but apparently they are Cortex8 (not really sure what that is) and ARE vulnerable.

    I've also seen a mention of 'Dirty Cow'. I think this may have been used to gain root on webOS TVs, but legacy is likely vulnerable.

    I'll look into these things and update, but obviously, post below if you know about this stuff.

    I think a general warning is that any device can likely be compromised if someone can get their hands on it and I think this has been proven in the case of webOS. I don't think we need to bother with exploits that require physical access.
    Last edited by Preemptive; 01/27/2018 at 04:04 AM.
  2. #2  
    I would not worry at all about Meltdown and Spectre.

    Those 2 are more of a cry wolf (so that some people profit from it) than a danger. There are no exploits; meanwhile the "patches" are creating havoc on various levels. Avoid installing any updated BIOS or this month's Windows updates, if you have not yet done either of those. Moreover, who in his sane mind would create native code to inject on a platform with our numbers?
  3.    #3  
    Quote: Originally Posted by mazzinia
    I would not worry at all about Meltdown and Spectre.

    Those 2 are more of a cry wolf (so that some people profit from it) than a danger. There are no exploits; meanwhile the "patches" are creating havoc on various levels. Avoid installing any updated BIOS or this month's Windows updates, if you have not yet done either of those. Moreover, who in his sane mind would create native code to inject on a platform with our numbers?
    I don't disagree & I'm aware that apparently Meltdown & Spectre attacks have to be quite carefully constructed to work. I have no idea whether the age of the JavaScript engine would actually prevent code execution of these attacks.

    It has been pointed out to me that 7 years of no official updates means that legacy webOS is technically very insecure & my response was, "security through obscurity". A weak response, but as you remark about user numbers, there's very little profit to be had from targeting us. That said, webOS is Linux-based & shares many common components with other distros, so the danger of indiscriminate, 'drive-by' attacks remains (e.g. Krack Hack). On the other hand, this commonality can enable community members with the skills to apply existing fixes to webOS.

    This is just a list to track all the various issues (and fixes where they exist). If service pack meta-doctors ever come to pass, fixes can be included. The relative dangers of each vulnerability can be discussed here or on the specific threads.
  4. #4  
    Yep, agreed.
    By the way, security through obscurity is in no way a weak response. That's IBM's motto (old OS/400) and HP's (NonStop servers).
  5.    #5  
    Here's another possible flaw: Decade-old Bluetooth flaw lets hackers steal data passing between devices.

    I'm not clear if it's H/W specific, though it's a software fix - possibly dependent on the chipset or driver?

    I always wondered how they got phones to "force pair" in Person of Interest. Now I know.
    Last edited by Preemptive; 07/25/2018 at 09:12 PM.
  6. #6  
    Well, anyway, BT is sort of limited to headphones in our case.
