'I've cracked Nokia S40 security', claims researcher

A lone researcher claims to have discovered a raft of security issues with Nokia's mid-range handsets, allowing him to remotely install malicious applications with unprecedented capabilities - but he's asking for €20,000 for the details. The issues are apparently with Nokia's Series 40 platform - the proprietary OS and …

COMMENTS

This topic is closed for new posts.

Shot himself in the foot

I can't help but feel that the guy has shot himself in the foot here. If we assume that he has uncovered a serious flaw in several hundreds of millions of handsets, €20,000 seems a pittance. Let's face it, if Nokia does stump up the cash they will just share the costs with Sun and/or other interested parties and it's a drop in the ocean to such companies.

On the other hand, he's now marked his card as an unethical hacker/blackmailer and €20k isn't going to get him very far. It's barely six months average wages!

I can't help but think he would have been much better off setting up a company and "hiring" himself to Sun/Nokia as a "consultant" at some ridiculously high rate. That way he gets a foot in the door, some decent cash AND maintains/improves his reputation.

Unless, of course, he tried that, they told him to get lost and now he's getting desperate to make some money from his discovery.

Pirate

Bear Traps and Honey Monsters?

"'I've cracked Nokia S40 security', claims researcher"

Hmmm. Maybe he's only cracked his own security and cannot really use what he claims ... at least not legally anyway.


This post has been deleted by a moderator

Bad People...

What if I were a bad person, would he accept 20,001 Euros from me for the info? I reckon if I can infect a couple of million handsets that dialed a premium rate number, just once, that would be a very sound investment...

Jobs Halo

Hmmm....

So... remind me again why everyone thought Apple were crazy for NOT including Java support in the iPhone?


This post has been deleted by a moderator

Happy

WEBSTER SUPPORTS APPLE?

:-O

....unless it's an imposter, of course ;)


This post has been deleted by a moderator


Russian Roulette if it's Vapourware, though.

"He's not exactly pimping it to Russian mobsters (that we know of) is he? He'd get more that way and no mistake...." ....By Andy Watt Posted Monday 11th August 2008 16:05 GMT

Always a Plan B if it is worth anything, Andy.


This post has been deleted by a moderator

The goose that laid the golden egg

Nokia will be in no hurry to patch this as the operators won't want them to.

Customer gets a 3 grand bill in the post and rings customer service.

Customer: Why have I received a 3 grand bill?

CS: because you voted in the [insert crap reality show name here] poll 2000 times at £1.50 each

Customer: That's impossible, I don't even watch that show.

CS: Our records show you did

Customer: It must be a virus or this exploit I was reading about the other day.

CS: What handset do you have?

Customer: A Nokia 3510i

CS: Oh yeah, we heard about that and Nokia told us it was impossible so you'll have to pay.

Customer: But I didn't send those texts.

CS: They came from YOUR handset so you must have.

Customer: but I didn't

CS: we'll be debiting the whole amount by direct debit in 14 days

Customer: but you'll take me several times over my overdraft.

CS: should have thought about that before voting

Customer: but I didn't....

CS: look pay up or we'll send the debt collectors round.

Customer is so petrified that they take a loan out with a dodgy loan shark to pay their bill

The same thing happens again the next month and the customer commits suicide.

And all because Nokia and the operators were so greedy.

Pirate

Right of first refusal

He's offered Nokia the opportunity to purchase the details of the security flaw first. This is "right of first refusal". They declined to purchase and at this point he should auction the information off to anyone who wishes to purchase it.

What's the conversion rate between rubles and pounds anyway?


@Webster Phreaky

And the iPhone is so secure. It is hacked as quickly as they release new firmware updates.


WAP Push

Hmmm - if it uses WAP Push, and if that requires an active WAP connection, then I'm not overly worried. Shame though - I've seen some great low-bandwidth WAP apps (such as British Rail's trip planner).


@ pctechxp

Small flaw in your otherwise humorous scenario;

"CS: we'll be debiting the whole amount by direct debit in 14 days"

Should be followed by;

"Intelligent customer contacts bank immediately to cancel D.D. arrangement"

Black Helicopters

@ dervheid

While you can cancel a standing order @ any time, a direct debit can only be cancelled by the company to whom you signed over pillaging rights.

Personally I refuse to allow this form of access to my (limited) funds and encourage others to avoid them also.

Icon, 'cos I'm a suspicious individual


@AC

Do some research before claiming things that are simply not true....

"A direct debit can be cancelled at any time by the customer informing their bank or building society, usually in writing. It is also advisable to inform the supplier as well, but this is not obligatory as the bank or building society will also do it. "

From http://www.bacs.co.uk/BACS/Consumers/Direct+Debit/Your+rights/

"You can cancel a Direct Debit at any time by contacting your bank or building society. We also recommend you notify the organisation concerned."

I have cancelled several direct debits in the past.

Dead Vulture

@dervheid

"Intelligent customer contacts bank immediately to cancel D.D. arrangement"

followed by

"Idiot bank forgets to do it, denies ever receiving the request to cancel and slaps you with massive penalty charges".

Like banks are any more trustworthy than phone companies.

Anonymous Coward

Cancelling DD

As part of the direct debit agreement, you can cancel any DD by writing to your bank. Or, in the case of HSBC, by doing it via your online banking.

The contract you have with the company is likely still valid though, so you're still liable to pay.


@ Duncan

Spot on.

Going back to my point, the truly intelligent customer will actually already have cancelled the direct debit upon receipt of the "3 Grand Bill" and prior to the "rings customer service".

I'd rather run the risk of being cut off by the phone company whilst we argue over the bill, with the 3K still in MY account, than be in the position of trying to get it back from THEM.


This post has been deleted by a moderator

Dead Vulture

Nnnnoooooo

and to think I gave up details to M$ of how to gain Administrator access to Vista systems for free.

Somebody shoot me...

JC
IT Angle

am I missing something?

Sorry if I sound stoopid, not a phone expert, but isn't this kind of like Blooover?

I've used it before and managed to obtain the contents of colleagues'/friends' mobiles (obviously with their knowledge) via Bluetooth (which they need to have active on their phone at the time), without them being prompted for authorisation etc., and I'm sure that Blooover II supports object transfer using OBEX... So are this guy's claims based on a similar app????


cancelling DD

Most banks allow you to do it via online banking, but remember this could knacker your credit rating, which would affect chances of getting a mortgage, another phone contract, whatever.
