Free Trial

Safari Books Online is a digital library providing on-demand subscription access to thousands of learning resources.

Share this Page URL

J2ME ­ Java 2 Micro Edition > Current Vulnerabilities - Pg. 247

OperatingSystemandDeviceVulnerabilities·Chapter7 247 the past. The first vulnerability is related to the graphical user interface that could be tricked into hiding a security dialog. The second vulnerability is a buffer overflow in the Java virtual machine. Siemens S55 Permission Request Race Condition The Siemens S55 mobile phone contained a race condition in the security permission request user interface. This vulnerability allowed a malicious application to send short messages (SMS) without proper authorization by the user. The malicious MIDlet could simply show another harmless looking dialog right after requesting the sending of a short message. The user would only see the harmless looking dialog since it is drawn on top of the authorization dialog. When the user presses a key to close the harmless dialog, the key press is actually received by the authorization dialog. The user therefore can be tricked into sending short messages. This could be abused for scams using premium-rate short messages. The bug was discovered in 2003 by the Phenoelit group. KVM Buffer Overflow Vulnerability Early versions of the Kilobyte Virtual Machine (KVM), the virtual machine used by many J2ME implementations, contained buffer overflow vulnerabilities that allowed full access to the underlying mobile phone operating system. This issue was fixed soon after its discovery