SERVICEPRO.ID ADALAH SOFTWARE UNTUK PARA TEKNISI DAN BISNIS JASA SERVIS

 

Search di seluruh kategori All Tags Lihat seluruh tags Lihat popular tags di bawah halaman

 

'I've cracked Nokia S40 security', claims researcher
rss You are here: All : Share : 'I've cracked Nokia S40 security', claims researcher
vote up
0
vote down

Print     answer Comment  

 

Dari sini ...

'I've cracked Nokia S40 security', claims researcher

Gimme €20k and I'll show you how
By Bill Ray → More by this author
Published Monday 11th August 2008 14:35 GMT

A lone researcher claims to have discovered a raft of security issues with Nokia's mid-range handsets, allowing him to remotely install malicious applications with unprecedented capabilities - but he's asking for €20,000 for the details.

The issues are apparently with Nokia's Series 40 platform - the proprietary OS and application stack used on the majority of the company's mid-range handsets. They allow an attacker to install Java applications onto a handset remotely before permitting those applications access to phone functions that should be secured by the Java sandbox.

The flaws were discovered by Adam Gowdiak, whose website provides very few details. But El Reg was able to establish that the initial installation is performed using a silent WAP-Push command, one that bypasses the usual user interaction, in a process that also executes the newly-downloaded application.

Additionally, Gowdiak has discovered a way to convince the Java Virtual Machine that his applications are authorised to access every API on the handset, not to mention native Series 40 functions.

Most Java applications running on a phone are limited in what they can do without the user being warned; particularly when it comes to performing chargeable actions such as making a call or establishing a data connection. But an application signed by the network operator is allowed to do such things, as the network operator is responsible for the billing; similarly, one signed by the device manufacturer can access secure memory and suchlike. Gowdiak's hack provides full access rights to his applications, enabling them to do anything.

Gowdiak believes the hack may be applicable to other handsets using Sun's Java reference implementation, though it's hard to know how widespread the problem is: device manufacturers generally tweak the implementation so some might have inadvertently closed the security hole.

But even if this is limited to Nokia's Series 40 handsets, the numbers are bewildering - we're talking hundreds of millions of devices, and given that a malicious application can be installed with only the target's phone number, the risk is enormous. A hacker might infect a few million handsets within hours, then use them to rig a phone poll and bet on the result, or simply have them all send texts to a premium-rate number - though the latter would be easier to trace.

Given the seriousness of the claims you would have thought Nokia would be leaping on the problem, though the company hasn't responded to our request for comment. Gowdiak tells us he's spoken to both Nokia and Sun, and so far neither company seems interested in stumping up €20K for the details.

The problem here is that Gowdiak's claims are remarkable - for two such serious flaws to be simultaneously uncovered by the same researcher is a tribute to his ability - but remarkable claims require remarkable evidence and Adam can't supply that without the risk of giving away the fruits of his work. He too has a mortgage to pay.

So for the moment there's no advice for Series 40 handset users, except to hope that if the flaws are as easy to exploit as Gowdiak claims, then he's still the only person who knows about them. ®

 

neutralizer
   Reg: 1 decade ago
   Journeyman 56 reps My Blog
Nokia Mac Operator

Posted 1 decade ago

 

 

 answer Punya pendapat? Jangan disimpan. Click disini
Komentar terbaru paling bawah.


d3naldi  dManiac-Stor

Journeyman 82 reps
Reg: 1 decade ago
1 decade ago (Aug 12, 2008 09:29 pm)     comment Comment Permalink   Print

ada apa ini?

gak ngerti,.

hahaha

 


JayZ

Journeyman 58 reps
Reg: 1 decade ago
1 decade ago (Aug 12, 2008 10:17 pm)     comment Comment Permalink   Print

hehhee....
ada yang bisa translate ke indo

 

user signature

bubengsiauw

Newbie 0 reps
Reg: 1 decade ago
1 decade ago (Aug 13, 2008 04:28 pm)     comment Comment Permalink   Print

Kesimpulannya donx bro

 


jlesmana

Full Member 139 reps
Reg: 1 decade ago
1 decade ago (Aug 13, 2008 09:34 pm)     comment Comment Permalink   Print

Bener2 kelas berat

 

user signature

hot_ramen

Full Member 107 reps
Reg: 1 decade ago
1 decade ago (Aug 14, 2008 12:45 am)     comment Comment Permalink   Print

Intinya: si Gowdiak bs ngehack hape2 middle class Nokia yg pake S40 dgn cara mengirimkan wap-push ke hape2 tsb secara diam2, dan stlh program hacknya terinstall, dia bs mengakses hape tsb untuk diapakan sesuka dia.
Bahayanya, dia bs aja melakukan pemerasan ke Nokia dgn mengancam akan mengirimkan programnya ke hape2 S40, dan kalo memang terbukti, berdoa aja moga2 hape kita bukan salah satu dr yg ke-hack

 

user signature
I love my X10 Mini Pro

Shadow  God

Addicted 1374 reps
Reg: 1 decade ago
1 decade ago (Aug 14, 2008 07:31 pm)     comment Comment Permalink   Print

Ya kalo gitu jangan terima wap-push sembarangan....

 

user signature

hot_ramen

Full Member 107 reps
Reg: 1 decade ago
1 decade ago (Aug 14, 2008 08:21 pm)     comment Comment Permalink   Print

wap pushnya ngk perlu approval kita bro, dia bs lgs aktifin gprs kita dan install programnya tanpa sepengetahuan kita.

 

user signature
I love my X10 Mini Pro

Shadow  God

Addicted 1374 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 04:41 am)     comment Comment Permalink   Print

Kalo gitu jangan setting GPRS nya...

 

user signature

buncis

Newbie 15 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 08:14 am)     comment Comment Permalink   Print

aya wae....

kalo gitu jangan pake HP sekaliangrin

Tinggal hp apa yah yg blm bs dihack...

 


ILCapitano
top user
Specialist 7049 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 09:34 am)     comment Comment Permalink   Print

gw pake 8250 mah ga akan kena. wkakkakaka. GPRS aja ga ada.

 

user signature
mari kita ramaikan kembali ForumPonsel.com

hot_ramen

Full Member 107 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 11:14 am)     comment Comment Permalink   Print

Wekekek.. iya, jangan setting gprs nya aman deh...
Tapi mana bisa hidup tanpa mobile internetttt.... no waaayyy

 

user signature
I love my X10 Mini Pro

Shadow  God

Addicted 1374 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 11:24 am)     comment Comment Permalink   Print

Gw bisa kok... Kan yg penting bisa nelpon dan SMS..

 

user signature

hot_ramen

Full Member 107 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 03:23 pm)     comment Comment Permalink   Print

Hahaha.. iya, maksudnya gua yang ngak bisa bro

 

user signature
I love my X10 Mini Pro

kaizoku
top user
Senior Member 374 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 07:17 pm)     comment Comment Permalink   Print

owh begitu gw kira cracked apaan...

 

user signature
STOP GLOBAL WARMING !!!
SAVE OUR WORLD !!!

inyong_pwt

Explorer 25 reps
Reg: 1 decade ago
1 decade ago (Aug 15, 2008 11:37 pm)     comment Comment Permalink   Print

cuma make S30 ma S60 hehe...
aman....

 

user signature
Kadang-kadang Permusuhan itu bukan karena sama-sama jahat, tetapi sama-sama
tidak saling memahami walaupun keduanya sama-sama baik


DoanK_aJe

Newbie 2 reps
Reg: 1 decade ago
1 decade ago (Aug 19, 2008 11:45 am)     comment Comment Permalink   Print

 

user signature
ReGard >> Dudie Doank <<



Punya informasi bagus apa hari ini? Ad new topic Post-kan di sini

 

Be nice. Respect member lain jika ingin di berikan respect yang sama. Be funny dan useful!
Logged in as Guest

18 + 1 =
Untuk melihat Preview, click: diatas form.