Nokia has admitted that the security flaws exposed by Adam Gowdiak of Security Explorations are genuine, and that a miscreant exploiting them could do whatever they like to a Series 40 phone just by knowing the phone number. Gowdiak posted some details earlier this month, with claims that by exploiting the flaws he could …
"but it seems our cynicism was misplaced"
How does humble pie taste ?
(At least you've got the balls to admit you were wrong)
Nuclear war, maybe?
Paris, because she wouldn't know the answer either
Nokee-ah: burn in hell !!
Oh really? Admits problems? How noble of them!
Perhaps another researcher can discover the "n80 series problem" (faulty cables) with the N80 phones where after 10 - 20 months your fucking n80 starts dying. Some problem with the "flex cable" inside it. Go google it.
I don't know, I feel like this phone in particular was a Beta testing phone.
I called Nokia Care or whatever it is marketing calls them, "We're sorry, our repair shop in your country was closed some months ago, go fuck yourself"
These companies only admit their flaws when publicly exposed and embarrased.
My next phone will be Samsung or LG, I hate thee Nokee-ah, burn in hell!!!
Nokia, nokia. Foot shot, toes bleed.
- Nokia has been a week or two getting back to us, but this morning admitted that they have "been investigating the allegations made, using our normal processes and comprehensive testing... We can confirm that both claims are valid in some of our products."
Comprehensive testing? I think we can all see the flaw in this argument.
Incidentally, I did a little hunting for the fella who found the flaw on the web. Once I saw his previous in this area, I was convinced he wouldn't lie about it. Why were the staffers so cynical? Did you _really_ think Nokia would have found this in testing? Come on.
Registered interest alert: I was a mobile phone software test engineer (including Java virtual machines) for 7 years... NOT FOR NOKIA, I might add.
Guessing the vector
Adam has excluded WAP push as the vector. MMS is then the next likely suspect. This begs the question if a virus / worm could use the vector as a replicator. The network meltdown caused by 100M+ infected client devices would be one of biblical proportions.
If anyone with the know-how can insert an app on to your phone and run it without you knowing, then the same could also be done by Nokia installing a security fix.
Welcome to the most interesting security race of the year :)
there's NO WAY that you've only had 6 comments on this story.
I know this to be a fact, as I posted to this yesterday, and so far...
Now, this has to be one of the biggest potential mobile security issues in a very long time!
100 million affected handsets. 6 comments?
As always, valid points and well made.
Registered interest alert: But Nokia are still in business (just?)