Record store vulnerability in Series 40 (Known Issue)
Series 40 6th Edition FP1
Series 40 6th Edition (initial release)
Series 40 5th Edition FP1
Series 40 5th Edition (initial release)
Series 40 3rd Edition FP2
Series 40 3rd Edition FP1
Series 40 3rd Edition (initial release)
Series 40 2nd Edition
Series 40 1st Edition
In Series 40 devices using MIDP 2.0, files stored in Record Management System can be accessed via external tools, such as a PC.
In MIDP 2.0, the RMS record stores were designed to be robust/secure from a MIDlet-to-MIDlet perspective. Using authorization mode it is possible to determine whether other MIDlet suites have access to the record store.
However, the defined security design does not make RMS record stores safe against other forms of external access. RMS uses file store and was not designed to be secure against access tools which can be used via PC to access files containing discreet data, such as DRM keys.
Avoid using RMS record stores for storing sensitive data, such as DRM keys, with Series 40 devices using MIDP 2.0 and 2.1.
To improve the described RMS security deficiency with MIDP 2.0, the upcoming MIDP 3.0 specifies RMS encryption control.