UK-based internet security firm MWR Infosecurity has discovered a zero-day flaw in Palm's Pre operating system, which allows the phone to be turned into a bugging device.
According to Alex Fidgen, director of MWR, the flaw allows any mobile phone running the webOS operating system to be turned into a bugging device that can be remotely operated by a hacker.
The phone can be used to record a conversation, while the stolen information can be forced to transmit through usual network carriers including a Wi-Fi or 3G network.
He said that a special text message sent to the phone, when opened, can exploit the webOS operating system.
"You receive a specially crafted business card and, once you open it, game over. We were surprised to find the lack of security architecture we needed to exploit in the way that we did," said Fidgen in an interview with V3.
Hewlett-Packard recently acquired Palm in a $1.2 billion dollar deal two months ago. HP has said that it is looking to use Palm's webOS in all future mobile devices.