Just last month, there was a lively debate about this offer by Security Explorations. Adam Gowdiak offered details about some serious vulnerabilities, including:
- Details regarding 14 security issues affecting different Nokia Series 40 devices
- Nokia specific exploitation technique leading to the remote and persistent deployment of a backdoor shell application into the target Nokia Series 40 phone
That might sound cryptic, but in layman’s terms it means that for 20.000 euro’s you get the ability to “own” about 100 million Nokia phones. Imagine writing a worm that uses these vulnerabilities; these phones are so widespread it might spread faster than a typical computer worm.
This was first dismissed as a publicity stunt, but according to The Register this is a real issue. Quiting a Nokia spokesman:
they have “been investigating the allegations made, using our normal processes and comprehensive testing… We can confirm that both claims are valid in some of our products.”
This is serious stuff: I don’t know any phone supplier that has ever had to deal with such a serious issue on this scale.