Java 2 ME - a playground for malicious code?

Markus Schmall T-Mobile

Java itself has been known for several years. Within the last years this programming language gained enormous importance and, as a logical consequence, the first pure Java 2 ME (mobile edition) enabled mobile phones were introduced in 2001. Is security an issue for mobile phones?

Obviously, yes ...

In 2001 we heard of problems related to i-mode phones (NTT Docomo) and malicious emails. The presentation takes as first step a brief look at the overall architecture of Java 2 ME, the limitation in comparison to the Java 2 Standard Edition and the built-in security features.

In the following possible attack scenarios, possibilities for malicious code and possibilities how to test for common attacks will be discussed.

As a practical example, the presentation shows the propriatary Java packages shipped with Siemens SL42i/45i mobile phones and discusses security related features and dedicated attack scenarios.

Additionally, the presentation shows results of a security orientated check of Java 2 ME API calls from the Siemens Java package. Furthermore, the presentation discusses the need for digital rights management within Java 2 ME applications, which e.g. can be used to sign applications as trusted.


We have placed cookies on your device in order to improve the functionality of this site, as outlined in our cookies policy. However, you may delete and block all cookies from this site and your use of the site will be unaffected. By continuing to browse this site, you are agreeing to Virus Bulletin's use of data as outlined in our privacy policy.