The Journal of Object Technology has posted a document with some in-depth information on the security of Java 2 Micro-Edition Connected Limited Device Configuration (J2ME CLDC). With so many mobile devices, including phones, running this platform, expect to see more and more analysis and attacks in this area.
Problems already found show that the usual suspects (buffer overflow, input validation, confidentiality, session control, etc.) linger and should not be overlooked:
We showed that the J2ME CLDC security model needs some refinements (e.g. permissions and protection domains). Moreover, we demonstrated the presence of some vulnerabilities in the RI of MIDP 2.0 (e.g. SSL implementation). Some phones were also shown to be vulnerable to security attacks like the Siemens SMS attack, while other phones followed a restrictive approach in implementing the J2ME CLDC platform.