Vulnerability Hits Java For Cell Phones

KingFishKingFish
edited October 2004 in Science & Tech
A Polish researcher has found two vulnerabilities in the cell phone version of Sun Microsystems' Java software that under unusual circumstances could let a malicious program read private information or render a phone unusable.
The flaws are difficult to exploit because malicious programs must be tailored to a specific model of cell phone, said Adam Gowdiak, a 29-year-old security researcher with the Poznan Supercomputing and Networking Center who discovered the vulnerabilities. He figured out how to attack a Nokia 6310i mobile phone, but the effort took four months, he said in a Friday posting to the BugTraq vulnerability mailing list. Before the vulnerabilities could be exploited, a phone user would have to download and run a malicious Java program, called a midlet, Gowdiak said in an e-mail interview. He's not aware of a way to automate an attack. He notified Sun of the vulnerabilities in August, and the company said it sent Java licensees a patched version of the vulnerable component, called the Java bytecode verifier, within two weeks.
Source: c|net

Comments

  • MedlockMedlock Miramar, Florida Member
    edited October 2004
    Hmm... My friend has a phone that runs java for games and other stuff. It'd be pretty funny if he got hacked. :D
  • ThraxThrax 🐌 Austin, TX Icrontian
    edited October 2004
    I run java for games and apps too. Crappy.
Sign In or Register to comment.