[Full-Disclosure] J2ME security vulnerabilities
From: Adam Gowdiak (zupaman.poznan.pl)
Date: Fri Oct 22 2004 - 07:01:10 CDT
Since I received information from SUN Microsystems that they did not
plan to release Sun Alert for the issues I found in their CLDC reference
implementation, I would like to announce the following.
I found two very serious security vulnerabilities in Java technology for
devices (Java 2 Micro Edition) that might be affecting about 250 million
mobile phones coming from Nokia, Siemens, Panasonic, Samsung, Motorola.
Information about these flaws has been published at Hack In the Box
Conference earlier this month in Kuala Lumpur, Malaysia.
Both vulnerabilities are implementation flaws in bytecode verifier
KVM (Java Virtual Machine for mobile devices) developed by SUN
of the flaws can be used to completely break Java security (Java type
safety) on a mobile device and to obtain access to the phone data and
operating system's functionality.
I verified on my Nokia DCT4 phone that malicious code exploiting one of
can steal data from the phone (i.e. phonebook, SMS messages), establish
with the Internet, send arbitrary SMS messages, write permanent memory
of the phone
(FLASH), interfere with or intercept IPC communication occurring between
OS tasks, install resident code on the phone. Any of the aforementioned
be conducted without user knowledge and permission.
I would like to emphasize that although escaping the KVM sandbox and
type and memory safety is almost straightforward, conducting malicious
a given device is rather difficult as it usually requires deep knowledge
internal operation of the underlying OS (I spent four months reverse
Nokia OS before I could do anything malicious from Java application on
I plan to release a research paper with all the details about the flaws
device specific information and some additional material that didn't fit
HITB talk, in a couple of months (1Q 2005).
Security Team of
POZNAN SUPERCOMPUTING AND NETWORKING CENTER