Scriblings Of A GEEK: Vulnerability hits Java for cell phones

Sunday, October 24, 2004

Vulnerability hits Java for cell phones

Hey Freinds Hope everyones having a lazy Sunday afternoon

NO OFFENCES MEAN TO ANY ONE OR ANY COMPANY BY MY POST BELOW

Heres what i came across surfing the net about Java Based cell phones . Looks like soon our O2 are going to be bundled with AV software.

A lot of ppl are posting exploits on Symbian handsets. I am hot having links handy for the symbian phone but will be posting as soon as i can search it from my History. :D

A Polish researcher has found two vulnerabilities in the cell phone version of Sun Microsystems' Java software that under unusual circumstances could let a malicious program read private information or render a phone unusable.

The flaws are difficult to exploit because malicious programs must be tailored to a specific model of cell phone, said Adam Gowdiak, a 29-year-old security researcher with the Poznan Supercomputing and Networking Center who discovered the vulnerabilities. He figured out how to attack a Nokia 6310i mobile phone, but the effort took four months, he said in a Friday posting to the BugTraq vulnerability mailing list.

Before the vulnerabilities could be exploited, a phone user would have to download and run a malicious Java program, called a midlet, Gowdiak said in an e-mail interview. He's not aware of a way to automate an attack.

He notified Sun of the vulnerabilities in August, and the company said it sent Java licensees a patched version of the vulnerable component, called the Java bytecode verifier, within two weeks.