Dear Bugtraq,

The following information might be of interest for the readers of this list.

Security Explorations (http://www.security-explorations.com), a new security
research start-up company from Poland discovered two very serious security
vulnerabilities in mobile Java technology [1] coming from Sun Microsystems
and used by Nokia in its Series 40 platform [2] devices.

The vulnerabilities allow to completely bypass Java security 
restrictions and
conduct certain malicious actions on a vulnerable device.

Research arm of Security Explorations proved that the following actions 
could
be conducted in a reliable manner on selected Nokia phones:
     * arbitrary sms/mms/WAP PUSH sending
     * establishing of arbitrary phone calls
     * establishing of arbitrary Internet connections
     * full access to the files stored on a device
     * video and audio recording
     * full phonebook access
     * SIM card access
     * persistent and stealth backdoor code installation with the 
operator or
       manufacturers privileges

The total number of vulnerable devices could reach the 1.5 billion [3] mark
due to the high possibility that a reference implementation of Sun's mobile
Java technology is affected (Sun Wireless Toolkit v. 2.5.2 is affected).

Security Explorations was also able to discover multiple (14 in total) 
security
issues in Nokia Series 40 devices that among other things allow for the 
remote
exploitation of the mobile Java issues. Remote attackers can get 
unauthorized
access to selected Nokia devices from arbitrary remote location. In a 
result,
remote execution of malicious applications can take place. All of that can
happen automatically and without the user consent.

Remote attack and successful backdoor application installation against
selected Nokia Series 40 devices was verified in the environment of a 
real GSM
network in Poland.

On selected Nokia devices, malicious application can be executed in the
background, which means that it will be not visible on the screen at 
all. Such
a feature of mobile Java implementation used in Nokia devices can be 
exploited
by the attacker to silently control the vulnerable device. Security
Explorations implemented the shell application that could be used to run
arbitrary commands on a hacked Nokia Series 40 phone.

Thank you.

Adam Gowdiak
-------------------------------------
Security Explorations
http://www.security-explorations.com
-------------------------------------

[1] http://java.sun.com/javame/index.jsp
[2] http://www.forum.nokia.com/main/platforms/s40/
[3] http://dsc.sun.com/mobility/device/device