Adam Gowdiak announced last Monday a set of 14 security vulnerabilites in JME platform for Nokia S40. Gowdiak, a Polish researcher from Security Explorations, his own start-up, mentioned that with these bugs would allow an attacker making phone calls from the phone, sending text messages , recording audio or video, access any file on a Nokia 40 model phone, obtain read and write access to the phone’s contact list, access the phone’s SIM card, and more.
Gowdiak has only disclosed part of the gathered information, asking for 20.000 € to Nokia and SUN Microsystems for the rest of the information.
I don’t want to evaluate or give my opinion about the business model of Gowdiak’s start-up. But I think that publicly disclosing part of the information is not the best strategy to obtain such benefits. You better not try to scare big companies like Nokia or Sun.
I hope this vulnerabilities will be fixed soon, for the good of S40 platform.
Link InfoWorld , JavaHispano
