Monday, October 25, 2004 11:11:21 AM
By Stephen Shankland, CNET News.com
http://uk.news.yahoo.com/041025/152/f58w1.html
A security flaw has been revealed in Sun's Java platform for mobile phones, but no attempts to exploit it have yet been found.
A Polish researcher has found two vulnerabilities in the cell phone version of Sun Microsystems' Java software that under unusual circumstances could let a malicious program read private information or render a phone unusable.
The flaws are difficult to exploit because malicious programs must be tailored to a specific model of cell phone, said Adam Gowdiak, a 29-year-old security researcher with the Poznan Supercomputing and Networking Centre who discovered the vulnerabilities. He figured out how to attack a Nokia 6310i mobile phone, but the effort took four months, he said in a Friday posting to the BugTraq vulnerability mailing list.
Before the vulnerabilities could be exploited, a phone user would have to download and run a malicious Java program, called a midlet, Gowdiak said in an email interview. He's not aware of a way to automate an attack.
He notified Sun of the vulnerabilities in August, and the company said it sent Java licensees a patched version of the vulnerable component, called the Java bytecode verifier, within two weeks.
"We have not seen any attempts to exploit this vulnerability, but if there is one, the user can simply delete... the applications they downloaded from an untrusted source," said Eric Chu, Sun's director of marketing for the Java 2 Micro Edition, or J2ME, software.
But in an October talk at the Hack in the Box conference in Malaysia, Gowdiak said the situation should be taken seriously. "Vendors and [the] antivirus industry are not prepared for this kind of threat," he said in his presentation. "It should be expected that remote vulnerabilities for mobile devices will be published within the next six months."
Sun didn't publish the vulnerabilities, instead choosing to let the cell phone makers notify their customers. "We don't have a relationship with the end consumer," Chu said.
Sun estimates that more than 570 million Java-enabled handsets will have been sold by the end of 2004, and one in three handsets is equipped with Java. Hundreds of cell phone service providers rely on J2ME to sell ring tones, games and other downloads.
Sophisticated mobile devices are growing more important. According to the Meta Group, roughly two-thirds of all businesses and organisations will deploy mobile data services by 2007. Mobile email will top the application list, with half of organisations launching a wireless email system within three years and 75 percent in four years.
The vulnerability disclosure comes on the eve of CTIA Wireless I.T. & Entertainment 2004, a cell phone trade show in San Francisco, where Java will support many new services to be unveiled.
Java has been relatively free of vulnerabilities, especially compared with Windows. One advantage is that Java has built-in security features that make it hard for local or remote programs to take unauthorised actions.
Using the vulnerabilities, Gowdiak created programs for the Nokia phone that could send text messages or photos, wipe the phone's memory, connect to the Internet and steal data such as phone book records -- all without the user knowing.
And at the Hack in the Box conference, he said the vulnerabilities could potentially be used to install software that secretly records text messages, or to install other applications.
Qualcomm makes a competing but less popular technology to download software onto cell phones. There have not been any reports of vulnerabilities among the scores of carriers using Qualcomm's Binary Runtime Environment for Wireless, or BREW, technology.
Microsoft has had some issues with mobile devices; vulnerabilities have been found for its smart phone operating system, its Windows CE for gadgets and its Pocket PC software for handhelds.