They say loopholes in the software could allow hackers to scroll through a phone's address book by remote control and even eavesdrop on conversations.
The warning was made by organisers of an international conference on computer security in the Malaysian capital, Kuala Lumpur.
The Hack in the Box conference runs until 7 October.
Delegates at the conference are to be shown a demonstration of security flaws found in the Java 2 Micro edition or J2ME software, jointly developed by Sun Microsystems, Nokia, Sony Ericsson and Motorola.
It is supplied with those companies' latest smartphones and PDA phones.
Experts say the flaw lies in the way Java tries to keep the operating system from accepting commands from outside.
According to the meeting's organiser, Dylan Andrew, users could have personal information stolen or even find themselves bugged. 
"The new generations of phones actually come with a lot more powerful software within the operating system," he said.
"We've actually found new attacks that affect these new platforms that allows an attacker to, for example remotely take control of your phone, maybe read your address book or even eavesdrop on a conversation."
The mobile industry is aware of these security issues, said Sal Viveros, director of wireless security at McAfee.
He told BBC News Online that the danger was not so much from malicious Java programs, but from badly written code that could have unintentional consequences.
"The risk is pretty minimal, but there is a risk out there," he said.
"I don't think people need to be too alarmed, but they should start asking their mobile operators to provide them with protection."
Fighting spam
However, there may be better news for those who are fed up with being inundated with junk e-mail.
Spam is often used to send viruses or Trojans, small programmes that allow machines to be run remotely without their owner's knowledge.
Some 750,000 computers are thought to be hijacked at any one moment.
If they are alerted to the problem, companies that provide connections to the internet will often disconnect users who send spam and viruses.
However, making complaints can be time consuming as thousands of spam e-mails are created every day.
The former hacker turned security pioneer, John Draper, is due to present details of software which he says can send complaints automatically.
"Spam is a very big issue, because it offers huge financial incentives for the creation of viruses, Trojans and other tools to spread spam," he said.
"These Trojans have to be identified and shut down.
"Spam mail is the key because we use spam as a means of identifying these infected hosts so that we can point them out to network administrators so they can shut them down."
He says the software is already helping to shut down 150,000 rogue computers each month.
No comments:
Post a Comment