Menu
Nokia admits security flaws in Series 40 OS

Nokia admits security flaws in Series 40 OS

Nokia confirmed Thursday its widely-used Series 40 operating system has security vulnerabilities that could allow activation of stealth applications.

Nokia confirmed Thursday its widely used Series 40 operating system has security vulnerabilities that could allow stealth installation and activation of applications.

But the company was evasive on whether it paid €20,000 (US$29,500) to researcher Adam Gowdiak of Security Explorations, who wanted payment for effort spent finding the flaws.

"For obvious reasons of security, we will not comment further on the detail of our activities with Security Explorations," wrote Nokia spokeswoman Kaisa Hirvensalo, in an e-mail.

Gowdiak, a researcher in Poland, said earlier this month he had found problems with Java 2 Micro Edition, (J2ME) an application framework for mobile devices, as well as the Series 40 OS. Nokia claims Series 40 is the mostly widely used mobile device platform.

Gowdiak has done research on the Java Virtual Machine and wrote on his Web site that he worked at one time for its developer, Sun Microsystems.

Vendors typically steer clear of paying researchers for vulnerability information and alternatively encourage what they term is "responsible disclosure," or a discrete notification before vulnerability information is made public. Otherwise, users of a particular software are at risk while a vendor tries to develop a patch.

Nokia said some of its Series 40 products are vulnerable to an attack that could result in the secret installation of applications. The company said it has also found earlier versions of J2ME could allow privilege escalation or access to phone functions that should be restricted.

"Our testing has been concentrating on products that might have both of the claims present," according to a Nokia statement.

Nokia said it isn't aware of attacks against Series 40 devices, and the problems do not represent a "significant risk."

While details on the vulnerabilities are limited, Gowdiak has said an attack could be mounted by sending maliciously crafted messages to a particular phone number.

Gowdiak could not be immediately reached for comment.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Brand Post

Featured

Slideshows

Female leaders honoured at Reseller News Women in ICT Awards in 2022

Female leaders honoured at Reseller News Women in ICT Awards in 2022

​Reseller News is proud to announce the winners of the Women in ICT Awards (WIICTA) in 2022, honouring female excellence within the technology channel following an industry-defining celebration in New Zealand.

Female leaders honoured at Reseller News Women in ICT Awards in 2022
Bumper channel crowd kicks off Reseller News Women in ICT Awards

Bumper channel crowd kicks off Reseller News Women in ICT Awards

A record-breaking channel crowd came together to kick-start an expanded Women in ICT Awards (WIICTA) in 2022, honouring female excellence within the technology ecosystem following an industry-defining celebration in New Zealand.

Bumper channel crowd kicks off Reseller News Women in ICT Awards
Show Comments