Namespaces

Variants
Actions

Please note that as of October 24, 2014, the Nokia Developer Wiki will no longer be accepting user contributions, including new entries, edits and comments, as we begin transitioning to our new home, in the Windows Phone Development Wiki. We plan to move over the majority of the existing entries over the next few weeks. Thanks for all your past and future contributions.

Record store vulnerability in Series 40 (Known Issue)

From Wiki
Jump to: navigation, search

Overview

In Series 40 devices using MIDP 2.0, files stored in Record Management System can be accessed via external tools, such as a PC.

Description

In MIDP 2.0, the RMS record stores were designed to be robust/secure from a MIDlet-to-MIDlet perspective. Using authorization mode it is possible to determine whether other MIDlet suites have access to the record store.

However, the defined security design does not make RMS record stores safe against other forms of external access. RMS uses file store and was not designed to be secure against access tools which can be used via PC to access files containing discreet data, such as DRM keys.

Solution

Avoid using RMS record stores for storing sensitive data, such as DRM keys, with Series 40 devices using MIDP 2.0 and 2.1.

To improve the described RMS security deficiency with MIDP 2.0, the upcoming MIDP 3.0 specifies RMS encryption control.

This page was last modified on 30 July 2013, at 05:17.
54 page views in the last 30 days.

Was this page helpful?

Your feedback about this content is important. Let us know what you think.

 

Thank you!

We appreciate your feedback.

×