[ISN] Nokia admits mobile phone security flaws

From: InfoSec News <alerts_at_private>
Date: Fri, 22 Aug 2008 00:08:54 -0500 (CDT)

By Jeremy Kirk
IDG news service
21 August 2008

Nokia has confirmed that its widely used Series 40 operating system has 
security vulnerabilities that could allow stealth installation and 
activation of applications.

But the company is evasive on whether it paid €20,000 (£15,854) to 
researcher Adam Gowdiak of Security Explorations, who wanted payment for 
the six-month effort spent finding the flaws.

Gowdiak would not disclose if he was paid, but said that only reputable, 
vetted companies that pay would get the full research, which amounted to 
180 pages and 14,000 lines of proof-of-concept code.

Nokia has a complete copy of Gowdiak's research, said Mark Durrant [cq] 
of Nokia's corporate communications.

The mobile giant's position could rekindle the debate among security 
professionals on whether voluntary research should be rewarded by 
vendors whose products are affected.


Register now for HITBSecConf2008 - Malaysia! With 
a new triple-track conference featuring 4 keynote 
speakers and over 35 international experts, this 
is the largest network security event in Asia and 
the Middle East! 
Received on Thu Aug 21 2008 - 22:08:54 PDT

This archive was generated by hypermail 2.2.0 : Thu Aug 21 2008 - 22:28:54 PDT