This is a big thing indeed if true, as it means that the complicated (and so far effective) application signing infrastructure that has kept the phones secure until now can in fact be bypassed. Up until now, only signed applications could be run on Symbian Series40 phones, which meant that only someone with a valid developer license from Symbian could install software on the devices.
Mr Gordiak also claims to have found a couple of vulnerabilities in Sun’s Java Virtual Machine, a software environment that is in use with other types of smartphones as well. All in all, he’s trying to sell a remote exploitation toolkit for Nokia smartphones, complete with documentation.
Speaking of types, it will be interesting to find out if the hack is in some way related to a hardware bug and thus Nokia-specific, as the website seems to suggest, or if Mr Gordiak is simply trying to hold phone manufacturers to ransom one company at a time.