A security researcher has discovered a couple of major flaws in Nokia's mid-range handsets, which allow him to remotely install malicious applications with unprecedented capabilities. He's keeping the details to himself, though, unless someone is willing to give him EUR20,000.
The issues are apparently with Nokia's Series 40 platform, which is the proprietary OS and application stack used in the majority of Nokia's mid-range handsets. The flaw allows an attacker to install Java applications onto the handset remotely and then permits those apps to access phone functions that should be secured by the Java sandbox.
The flaws have been discovered by Adam Gowdiak. His website doesn't give away much, but it has been established that the initial installation is performed using a silent WAP-Push command, one that bypasses the usual user interaction, in a process that also executes the newly-downloaded application. As well as this, Gowdiak has discovered a way to trick the Java Virtual Machine into thinking his apps have authorisation to every API on the handset, including native Series 40 functions.
Gowdiak believes the hack may be applicable to other handsets using Sun’s Java reference implementation, though it’s hard to know how widespread the problem is. At worst the problem could affect hundreds of millions of devices, and given that a malicious app can be installed with just a phone number, the risk is huge. A good hacker could infect a few million phones within hours.
As of yet, Nokia has not batted an eyelid (publicly, that is). Gowdiak has spoken to both Nokia and Sun, but neither company is yet willing to part with EUR20,000 for the details. The problem for Gowdiak is that Nokia or Sun won't pay that kind of money without knowing what they are buying, which leaves Gowdiak with a choice: he needs to either sit on the information and forget about it, hoping that no-one else figures it out, or he could sell the knowledge to the dark side of the net.