Researcher wants cash for flaws

By

A security researcher is trying to garner funds to set up his own company by charging for details of software flaws.


A security researcher is trying to garner funds to set up his own company by charging for details of software flaws.

Adam Gowdiak says he has identified flaws in Java Nokia's Series 40 phone operating system and built two exploits that could be to subvert systems running the code. He is asking Nokia and Sun for €20,000 (A$34,000) to see his proof and amend the flaws, but has not ruled out selling it to third parties.

“We plan to deal with professional and serious companies from the security, telecommunication, anti-virus and government industries. Thus, we will not fulfil every single party's request for early access to our research material,” he says on his site.

“We can't do anything about the leak occurring at one of these companies. In case of a leak, we will immediately inform the public about its occurrence.”

Gowdiak claims in the forward to his paper that the flaws would allow a hacker to control certain functions of a mobile phone running Nokia’s Series 40 operating system just by knowing the phone number the phone is using.

Once into the phone it could be programmed to call high cost phone services or send duplicate copies of SMS’ or even turn the phone into a sound recorder.

The move is a break from standard security research, where vendors are informed of any flaws and researchers make their money from consultancy. Gowdiak says that would not give him the freedom to do the research he wants but that he had given the companies a brief update on the flaws.

“If one takes into account that experienced and skilled 3rd parties charge between US$200-250 per hour for security evaluation services, €20, 000 ($A34,0000) is equal to 3-4 weeks of work. So, you get the 6 months of work for the price of one month,” he says.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

CBA looks to GenAI to assist 1200 'security champions'

CBA looks to GenAI to assist 1200 'security champions'

NSW Police to embark on $126m IT overhaul

NSW Police to embark on $126m IT overhaul

Australia's super funds told to assess authentication controls

Australia's super funds told to assess authentication controls

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?