Markus Schmall T-Mobile
Java itself has been known for several years. Over the last few years the programming language has gained enormous importance and, as a logical consequence, the first pure Java 2 ME (mobile edition) enabled mobile phones were introduced in 2001. Is security an issue for mobile phones?
Obviously, yes ...
In 2001 we heard of problems related to i-mode phones (NTT Docomo) and malicious emails. As a first step, the presentation takes a brief look at the overall architecture of Java 2 ME, its limitations in comparison to the Java 2 Standard Edition, and the built-in security features.
Next, possible attack scenarios, possibilities for malicious code, and ways to test for common attacks will be discussed.
As a practical example, the presentation shows the proprietary Java packages shipped with Siemens SL42i/45i mobile phones and discusses security-related features and dedicated attack scenarios.
Additionally, the presentation shows the results of a security-oriented check of Java 2 ME API calls from the Siemens Java package. Furthermore, the presentation discusses the need for digital rights management within Java 2 ME applications, which can be used, for example, to sign applications as trusted.