Log in

View Full Version : Java Bug Could Lead To Compromised Phones


Mike Temporale
10-24-2004, 05:22 PM
<div class='os_post_top_link'><a href='http://www.theregister.co.uk/2004/10/22/mobile_java_peril/' target='_blank'>http://www.theregister.co.uk/2004/10/22/mobile_java_peril/</a><br /><br /></div><i>"Phreakers could seize control of users' mobile handsets, send arbitrary messages or render phones unusable because of a brace of Java-related security vulnerabilities, a security researcher warns. The problems have been demonstrated on a Nokia 6310i handset and might also apply to other phones running flawed implementations of mobile Java (J2ME). Each of the vulnerabilities can be used to "completely break Java security on a mobile device and to obtain access to the phone data and underlying operating system's functionality", according to Adam Gowdiak, a security researcher at Poland's Poznan Supercomputing and Networking Center, who discovered the problems. Both vulnerabilities are implementation flaws in Java Virtual Machine developed by Sun Microsystems."</i><br /><br />It appears the carriers worst fear has become a reality, the ability to compromise a mobile device, and thus putting the users data and their network at risk. There have been a couple small vulnerabilities in the past, but nothing that allowed this type of access to the device. :( <br /><br />The good news is that this flaw doesn't appear to effect any Windows Mobile based Smartphones. At least, not that we know of anyway. We still recommend that you practice safe computing or Smartphone-ing in this case. :wink: Keep your personal data in an encrypted wallet, and make sure you keep a backup. :)