Java 2 ME - a playground for malicious code?
Markus Schmall, T-Mobile
Java itself has been around for several years. In recent years the
programming language has gained enormous importance and, as a logical
consequence, the first pure Java 2 ME (mobile edition) enabled mobile
phones were introduced in 2001. Is security an issue for mobile
phones?
Obviously, yes ...
In 2001 we heard of problems related to i-mode phones (NTT DoCoMo) and
malicious emails. As a first step, the presentation takes a brief look
at the overall architecture of Java 2 ME, its limitations in comparison
to the Java 2 Standard Edition, and the built-in security features.
Next, possible attack scenarios, the possibilities for malicious code,
and ways to test for common attacks will be discussed.
As a practical example, the presentation shows the proprietary Java
packages shipped with Siemens SL42i/45i mobile phones and discusses
security-related features and dedicated attack scenarios.
Additionally, the presentation shows the results of a security-oriented
check of Java 2 ME API calls from the Siemens Java package.
Furthermore, the presentation discusses the need for digital rights
management within Java 2 ME applications, which can be used, for
example, to sign applications as trusted.