Java 2 Micro Edition (J2Me) Security Vulnerabilities presented at HITBSecConf Malaysia 2004

by Adam Gowdiak,

Tags: Security Exploitation

Summary : The talk will discuss Java 2 Micro Edition (J2ME) security in detail. First, general introduction to mobile Java, KVM, CLDC and MIDP concepts will be given. It will be followed by a detailed description of KVM security architecture, its operation and differences from standard Java Virtual Machine. After that several security issues affecting most of J2ME implementations will be discussed.
In the second part of the talk several vulnerability exploitation techniques specific to mobile Java code will be presented. Along with that, some useful reverse engineering techniques of KVM operation, ROM'ized java bytecode and native methods implementation will be also given.
The third part of the talk will present practical application of reverse engineering techniques discussed in the second part of the talk. This will be done specifically upon the example of the so called "closed" Nokia DCT4 cell phone. Step by step construction of a real life malicious Java midlet application will be also given in this part of the talk.
Some general thoughts about the future of mobile Java code and its implications on mobile devices security will be also given at the end of the talk.