Dear Bugtraq, The following information might be of interest for the readers of this list. Security Explorations (http://www.security-explorations.com), a new security research start-up company from Poland discovered two very serious security vulnerabilities in mobile Java technology [1] coming from Sun Microsystems and used by Nokia in its Series 40 platform [2] devices. The vulnerabilities allow to completely bypass Java security restrictions and conduct certain malicious actions on a vulnerable device. Research arm of Security Explorations proved that the following actions could be conducted in a reliable manner on selected Nokia phones: * arbitrary sms/mms/WAP PUSH sending * establishing of arbitrary phone calls * establishing of arbitrary Internet connections * full access to the files stored on a device * video and audio recording * full phonebook access * SIM card access * persistent and stealth backdoor code installation with the operator or manufacturers privileges The total number of vulnerable devices could reach the 1.5 billion [3] mark due to the high possibility that a reference implementation of Sun's mobile Java technology is affected (Sun Wireless Toolkit v. 2.5.2 is affected). Security Explorations was also able to discover multiple (14 in total) security issues in Nokia Series 40 devices that among other things allow for the remote exploitation of the mobile Java issues. Remote attackers can get unauthorized access to selected Nokia devices from arbitrary remote location. In a result, remote execution of malicious applications can take place. All of that can happen automatically and without the user consent. Remote attack and successful backdoor application installation against selected Nokia Series 40 devices was verified in the environment of a real GSM network in Poland. On selected Nokia devices, malicious application can be executed in the background, which means that it will be not visible on the screen at all. Such a feature of mobile Java implementation used in Nokia devices can be exploited by the attacker to silently control the vulnerable device. Security Explorations implemented the shell application that could be used to run arbitrary commands on a hacked Nokia Series 40 phone. Thank you. Adam Gowdiak ------------------------------------- Security Explorations http://www.security-explorations.com ------------------------------------- [1] http://java.sun.com/javame/index.jsp [2] http://www.forum.nokia.com/main/platforms/s40/ [3] http://dsc.sun.com/mobility/device/device