Need Help - Security

Hi Team,

I am a J2ME developer; my company is engaged in J2ME application development. Currently the issue we are facing is how to protect a J2ME application which is installed on a phone from external applications. We are storing data in RMS by encrypting it, but my manager says it's not enough; what if there is a trojan on that device which takes a memory dump (at runtime) and can get the keys which our application is using? How to prevent that? I can't understand whose responsibility it is to prevent such attacks (developer/platform/OS).

And if that is really possible, then what can a developer do?

Message was edited by:

j2mian

[659 byte] By [j2miana] at [2007-11-27 5:22:41]
# 1
Encrypt your app with ProGuard (reverse engineering is always possible but hard!) and write a specific crypto algorithm for your data...
suparenoa at 2007-7-12 11:48:15 > top of Java-index,Java Mobility Forums,Java ME Technologies...
# 2
Thanks for the reply. But I am not talking about code security. Consider that my application requires a password to enter; now that password will be in memory (heap) after the user enters it, and suppose there is a trojan which reads this memory footprint and gets the password like that.
j2miana at 2007-7-12 11:48:15
# 3
No!!! The password is never in the app. You MUST make a servlet for the connection. All the data MUST be on the server, not in the MIDlet (and don't worry about trojans on mobile, it is not a real threat!)
suparenoa at 2007-7-12 11:48:15
# 4

You are right; actually the pwd is on the server, but the thing is, when I enter it in the text box and press login it will go to the server to verify, but that textbox object will be in memory, and if some trojan ... which can read a memory dump ... then ... As you said, it's not a real threat, but I don't know how to convince, since I don't have any strong proof that it's not a real threat.

Thanks dear.

j2miana at 2007-7-12 11:48:15
# 5
You can tell your boss not to use a computer because somebody can infiltrate your network and take all the information inside (even if it's Windows!!!)...
suparenoa at 2007-7-12 11:48:15
# 6
You are right; but I don't want to lose my job (just kidding). Actually we are short of proper evidence. Let's see what other developers have to say about this...
j2miana at 2007-7-12 11:48:16
# 7
Have you read this: http://www.ibm.com/developerworks/wireless/library/wi-secj2me.html
suparenoa at 2007-7-12 11:48:16