MIDP’s and MIDlets put tens of millions Nokia S40 phones in danger

Polish security researcher Adam Gowdiak is the only person in the world (we really hope he is!) who knows the details of the recent J2ME vulnerabilities affecting to Nokia mobile phones.

The research material includes information about

reliable MIDP 2.0 privilege elevation technique for Nokia Series 40 devices

and

Nokia specific exploitation technique leading to the remote and persistent deployment of a backdoor shell application into the target Nokia Series 40 phone

Mr. Gowdiak has tested 7 Nokia Series 40 models.

Needless to say that this information in the hands of bad guys is dangerous.

And related to the devices – Nokia Series 40 shipped with 3rd edition Feature Pack 2 and 3rd edition are affected.

Share
  • Just Guess

    Sorry to break your bubble, but he sells the vulnerabilities quite cheaply, for a measly 20,000 EURO.

    20,000 EURO is not a lot for taking control over so many phones. Simply sending out SMSes from all these phones to a pay-by-SMS system would generate more than 20,000 EURO

  • http://alltechnoblog.com/ Ravi

    i think this comment who wrote with Just Guess name, he is right