Esato


Author Bad Sony Ericsson News (Security hole in Sony Ericsson mobiles)
kyjely
W910 Red
Joined: Nov 15, 2007
Posts: 65
Posted: 2007-11-19 15:19
Security hole in Sony Ericsson mobiles

Adrian Nowak and Karsten Sohr, research scientists at Bremen university, have discovered a vulnerability in Sony Ericsson phones which gives applications read and write access to the device's system files. This could, for example, be exploited to replace the certificates confirming the origin of programs to be installed. While attackers could use it to install arbitrary software on the devices, users could also replace the logos and ring tones installed for "branding" purposes.

For the installation of malicious software, the user only needs to confirm that the software is allowed to read and write user data. According to the researchers this is standard practice with trusted applications and doesn't, therefore, raise any suspicion. Many of the models sold between 2005 and 2007 are affected: for example K750i, K800i, K810i, T650i and W880i. These models don't run the Symbian OS but a proprietary Sony Ericsson operating system.

Nowak and Sohr used a Java program to demonstrate the flaw. It is still unclear whether the hole is located in the operating system itself or in the Java VM. The scientists didn't want to release any details before Sony Ericsson has had the opportunity to fix the vulnerability. No statement has so far been received from the vendor.

In September, scientists at the Fraunhofer Institute for IT security (SIT) discovered a hole in Sony Ericsson's "Code Memo" password program that allows attackers to crack stored passwords.

http://www.heise-security.co.uk/news/99106



[ This Message was edited by: masseur on 2007-11-19 14:38 ]
Charge
K550 Black
Joined: Jan 07, 2006
Posts: 205
Posted: 2007-11-19 17:30
No, this is good news. If one of us finds out these holes (the Java one) we can use it to mod our phones by changing Java permissions or other stuff...
My phone: K550i FS, W610i main (Cybershot-walkman),
W880i audio drivers, MHQ beta cam drivers,
Modded menu (icons, structure - I have a new shortcut menu),
Flash menus.