http://www.theregister.co.uk/2008/08/21/series_40_security/
Nokia has admitted that the security flaws exposed by Adam Gowdiak of Security Explorations are genuine, and that a miscreant exploiting them could do whatever they like to a Series 40 phone just by knowing the phone number.
Gowdiak posted some details earlier this month, with claims that by exploiting the flaws he could remotely install an application onto a Series 40 handset, and then provide that application with enough security permissions to execute any command he wished. Nokia has been a week or two getting back to us, but this morning admitted that they have "been investigating the allegations made, using our normal processes and comprehensive testing... We can confirm that both claims are valid in some of our products."
Jos se spekulise sta je tacno vektor napada - WAP Push je iskljucen od strane autora, tako da je logicno pretpostaviti da je u pitanju MMS.
Ovo samo pokazuje koliko su opskurni OS-evi kao sto je Symbian buduca tempirana bomba po pitanju sigurnosti.. Hakovanjem vaseg mobilnog telefona i izvrsavanjem proizvoljnih komandi je moguce napraviti veliku stetu korisniku - od povecih telefonskih racuna, preko koriscenja telefona kao transparentnog proksija za online kriminal, pa sve do klasicne kradje podataka...
Uzas
Inace, pronalazac ovog problema trazi 20000 EUR za odavanje informacija o bagu... voleo bih da ga neko uhapsi i osudi za klasicnu ucenu i iznudjivanje novca.
Inace, drago mi je sto nisam korisnik Nokia-e jos od 2004-te godine... a sada vidim i da je bilo jako dobro sto sam se oslobodio te bede na vreme :)
http://www.digicortex.net/node/1 Videos: http://www.digicortex.net/node/17 Gallery: http://www.digicortex.net/node/25
PowerMonkey - Redyce CPU Power Waste and gain performance! - https://github.com/psyq321/PowerMonkey