The worlds most popular mobile phone platform now allows hackers to do the worst thing ever can be done to your mobile phones. The risk level is so high that a hacker can remotely do almost every thing that the owner can do with it. Surprisingly the platform is now implemented on more than 140 models from Nokia and over 100 million devices have been sold till date.

Nokia Series 40, yes it is. The research company Security Explorations has claimed that actually the vulnerability comes from Sun Microsystems J2ME platform which is being used by Nokia in its Series 40 handsets. From the research company’s press release, we can find that the company which is to be blamed is Sun and now Nokia. The vulnerability allows a hacker to by-pass all security restrictions in J2ME platform and do certain action without the user’s knowledge. Some of the malicious actions that could be successfully achieved are listed below.

1) Arbitrary SMS / MMS / WAP PUSH message sending.
2) Making arbitrary phone calls.
3) Connecting to the Internet.
4) Full read/write access to the file system on the device.
5) Silent audio and video streams recording.
6) Read/Write access to the contact database.
7) Access to phone’s SIM card.
Install an application with network operator or manufacturers privileges (Trusted domain… I guess)

What else even the device owner can do to his phone?

A part of the press release says the company has discovered 14 security issues in Nokia S40 devices that allows the remote attack against mobile phones. An Attacker can obtain unauthorized access to selected Nokia device by just sending a sequence of messages to the phone. Once he has successfully managed to send those messages he can install an application on the phone that has all permissions to access the entire phone without the knowledge of the phone user.

[via: J2ME Security Vulnerability]