Mobile Phone Security - GSM-Forum

ballina · 07-12-2004, 14:04

Hi,
to clarify other posts and try and get some help with this post I will try and explain what it is I am trying to research. Mobile phone security you'd imagine is very old but yet with the sudden increase in developments one might feel that they have rushed through as many new features as possible and the security of the phone has being the sole loser.

Phones are now more than just devices to be contacted on, they are mini computers with small operating systems and many more features. They are becoming "the man on the go's computer" and if its one thing we have learned about computers over the last few years is that they are vulnerable to so much.

As a college project I am trying to see how easy it is to get inside a phones security barrier. With so many different applications such as games, logos and ringtones to name but a few being downloaded every day, how many people can be sure what they are downloading is what they really want. I am trying to develop a little application in java (J2ME) that could cause some sort of damage to a potential users phone. For example send a text message to a certain contact or delete a certain contact. This isn't something to harm other people but just something that could be used to prove that phone security isn't strong enough.

If you know anything about writing applications for phones or have any ideas it would greatly help...

kisember · 07-16-2004, 13:02

I never heard of any virus like Java application.
In standard MIDP 1.0 you can not access any personal information, not even phone manufacturer (in some cases), nor provider, nor any phone number, nor contacts...
In MIDP 2.0 it is possible to sign midlets.

There are some standard and device specific extension in top of MIDP/CLDC.
Some device/standard extension allow to access user resource (file system, galery, contacts) , but most of them need user confirmation. In upcoming devices it will avialable only for signed midlets.

It is not possible to harm a device at will. There are some bugs that may cause problems, eg. restart phone, but it can't be done at will.

07-12-2004, 14:04	#1 (permalink)
ballina Junior Member Join Date: Jun 2004 Age: 43 Posts: 12 Member: 68549 Status: Offline Thanks Meter: 0	Mobile Phone Security Hi, to clarify other posts and try and get some help with this post I will try and explain what it is I am trying to research. Mobile phone security you'd imagine is very old but yet with the sudden increase in developments one might feel that they have rushed through as many new features as possible and the security of the phone has being the sole loser. Phones are now more than just devices to be contacted on, they are mini computers with small operating systems and many more features. They are becoming "the man on the go's computer" and if its one thing we have learned about computers over the last few years is that they are vulnerable to so much. As a college project I am trying to see how easy it is to get inside a phones security barrier. With so many different applications such as games, logos and ringtones to name but a few being downloaded every day, how many people can be sure what they are downloading is what they really want. I am trying to develop a little application in java (J2ME) that could cause some sort of damage to a potential users phone. For example send a text message to a certain contact or delete a certain contact. This isn't something to harm other people but just something that could be used to prove that phone security isn't strong enough. If you know anything about writing applications for phones or have any ideas it would greatly help...

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
Mobile phones catalog service with more than 1200 mobile phones	AlexAT	Trash	0	07-18-2002 21:29
Mobile phones catalog service with more than 1200 mobile phones	AlexAT	GSM Mobile Links	0	07-18-2002 21:28

07-16-2004, 13:02	#2 (permalink)
kisember Junior Member Join Date: Mar 2004 Age: 44 Posts: 21 Member: 57585 Status: Offline Thanks Meter: 0	I never heard of any virus like Java application. In standard MIDP 1.0 you can not access any personal information, not even phone manufacturer (in some cases), nor provider, nor any phone number, nor contacts... In MIDP 2.0 it is possible to sign midlets. There are some standard and device specific extension in top of MIDP/CLDC. Some device/standard extension allow to access user resource (file system, galery, contacts) , but most of them need user confirmation. In upcoming devices it will avialable only for signed midlets. It is not possible to harm a device at will. There are some bugs that may cause problems, eg. restart phone, but it can't be done at will.