The new exploits could allow the attacker to run untrusted Java MIDlets, the researches warn. Successful exploitation of these flaws would open up phones running S40, 3rd edition to a long list of further exploits.
According to researchers, the list includes the following:
– gaining additional privileges for a malicious MIDlet, even manufacturer or mobile carrier level
– running a malicious MIDlet when the phone is first turned on
– accessing files
– sending SMS/MMS
– making phone calls
– reading your contacts
– accessing the SIM card
– eavesdropping using the camera and microphone
The group of researchers that uncovered the flaws claim that a several proof of concept(PoC) code is already available. However, unlike they ask for a payment of around $30,000 for those eager to take the first look at their discovery.